Microsoft’s June 2014 Patch Tuesday Fixes Record Number Of Internet Explorer Vulnerabilities

Microsoft’s Patch Tuesday is here for this month. In this month Microsoft is fixing 66 vulnerabilities. These vulnerabilities affects Windows, Office, and Internet Explorer.

This month, vulnerabilities in Internet Explorer is making the headlines. Microsoft Patch Tuesday fixes 59 security issues in Internet Explorer using a single Cumulative Update out of the total 66 security issues it is fixing this month. 

Microsoft has rated two updates as critical. One of them is the Cumulative Update for Internet Explorer (MS14-035) and the other one is an update for Microsoft Windows and Microsoft Office (MS14-036).

Details of June 2014 Patch Tuesday

MS14-035: Cumulative Security Update for Internet Explorer (Critical). Requires Restart.

MS14-035 resolves two vulnerabilities disclosed publicly. The other fifty-seven vulnerabilities were disclosed privately.

According to Microsoft, “The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

MS14-036: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (Critical) for Microsoft Windows, Microsoft Office, and Microsoft Lync. Requires Restart.

MS14-036 fixes two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync.

Microsoft says, “the vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

MS14-034: Vulnerability in Microsoft Word Could Allow Remote Code Execution (Important) for Microsoft Office. May need a restart.

“The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (Important) for Microsoft Windows. May need a restart.

“The vulnerability could allow information disclosure if a logged on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker’s website.”

MS14-032: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (Important) for Microsoft Lync Server. May need a restart.

“The vulnerability could allow information disclosure if a user tries to join a Lync meeting by clicking a specially crafted meeting URL.”

MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (Important) for Microsoft Windows. Requires Restart.

“The vulnerability could allow denial of service if an attacker sends a sequence of specially crafted packets to the target system.”

MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (Important) for Microsoft Windows. May require restart.

“The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active Remote Desktop Protocol (RDP) session, and then sends specially crafted RDP packets to the targeted system. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

Download Microsoft Patch Tuesday June 2014 Updates

As you can see, this month’s Patch Tuesday is important. If you have any of the affected software installed, you should install today’s security updates as soon as possible.

As usual, Microsoft will issue the updates via Windows Update. Microsoft will release an ISO image for system administrators. This ISO image will have all the patches released today. It will help the system administrators manually deploy the security fixes.

Source: Microsoft Security TechCenter, Microsoft Security Response Center