Microsoft Security Bulletins For April 2014 overview

Martin Brinkmann
Apr 8, 2014
Updated • Apr 8, 2014
Microsoft, Windows Updates
|
5

Welcome to this month's Security Bulletins summary. The guide provides you with all information about this month's security updates for client and server Windows operating systems.

This month is special for two reasons. It is the last patch day for Windows XP, which Microsoft will stop supporting with public updates after today.

Microsoft makes available a feature update for Windows 8.1 which improves the operating system's mouse and keyboard usability. We have covered it before, check it out if you are interested in this one.

A total of four bulletins are released this month. Two have received the highest vulnerability rating of critical, while the other two a rating of important, the second highest rating.

Software affected by the updates include Microsoft Windows, Internet Explorer and Microsoft Office.

You find a summary of all important information about the security bulletins released by Microsoft this week.

Executive Summary

  • Four bulletins are released by Microsoft this month that address 11 vulnerabilities across all products.
  • The products affected by these vulnerabilities are Microsoft Windows, Internet Explorer and Microsoft Office.
  • Two bulletins are rated critical, the other two important.
  • Top deployment priority are the two critical bulletins MS14-017 and MS14-018.

Video Summary

Operating System Distribution

All client-based Windows operating systems share the same bulletin vulnerability distribution. Each system is affected by one critical and one important bulletin.

Considering that this is the last public patch day for Windows XP, we will remove the operating system from next month on.

The server-based Windows systems share the same vulnerability profile as well. Each system is affected by one important and one moderate bulletin.

  • Windows XP:  1 critical, 1 important
  • Windows Vista: 1 critical, 1 important
  • Windows 7:   1 critical, 1 important
  • Windows 8:  1 critical, 1 important
  • Windows 8.1: 1 critical, 1 important
  • Windows RT: 1 critical, 1 important
  • Windows RT 8.1:  1 critical, 1 important
  • Windows Server 2003: 1 important, 1 moderate
  • Windows Server 2008: 1 important, 1 moderate
  • Windows Server 2008 R2: 1 important, 1 moderate
  • Windows Server 2012: 1 important, 1 moderate
  • Windows Server 2012 R2: 1 important, 1 moderate

Other Microsoft Product Distribution

Two bulletins affect Microsoft Office software. Most products, with the exception of Office 2003 and Office 2007, are affected by one critical bulletin. The two mentioned programs are affected by one important bulletin in addition.

  • Microsoft Office 2003: 1 critical, 1 important
  • Microsoft Office 2007: 1 critical, 1 important
  • Microsoft Office 2010: 1 critical
  • Microsoft Office 2013: 1 critical
  • Microsoft Office for Mac: 1 critical
  • Other Office software: 1 critical
  • Microsoft SharePoint Server 2010: 1 critical
  • Microsoft SharePoint Server 2013: 1 critical
  • Microsoft Office Web Apps 2010: 1 critical
  • Microsoft Office Web Apps 2013: 1 critical

Deployment Guide

Microsoft releases a deployment priority each month to act as a guide for system and network administrators. The suggestion uses information such as a bulletins severity, exploits that already target it, and product to determine the bulletins that should be deployed with priority.

deployment priority april 2014 windows update

  • Tier 1 updates: Ms14-017 Word Critical and MS14-018 Internet Explorer Critical.
  • Tier 2 updates: MS14-020 Publisher Important.
  • Tier 3 updates: Ms14-019 File Handling Important.

Security Bulletins

  • MS14-017 - Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) - Critical - Remote Code Execution
  • MS14-018 - Cumulative Security Update for Internet Explorer (2950467) - Critical - Remote Code Execution
  • MS14-019 - Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) - Important - Remote Code Execution
  • MS14-020 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145) - Important - Remote Code Execution

Non-security related updates

  • Update for Windows 7 and Windows Server 2008 R2 (KB2800095)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2908783)
  • Update Rollup for Microsoft Windows MultiPoint Server 2011 (KB2927581)
  • Rules Update for RRAS Best Practice Analyzer for Windows Server 2012 R2 (KB2928193)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2928562)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2933809)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2933810)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2933811)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2936897)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2939087)
  • Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB2953600)
  • Windows Malicious Software Removal Tool - April 2014 (KB890830)/Windows Malicious Software Removal Tool - April 2014 (KB890830) - Internet Explorer Version
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890139)
  • Update for Windows 8.1 and Windows RT 8.1 (KB2895219)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2895233)
  • Update for Windows 8.1 (KB2895586)
  • Update for Windows 8.1 (KB2895592)
  • Update for Windows 8.1 (KB2895614)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2897942)
  • Update for Windows RT 8.1 (KB2903601)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2913253)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2928678)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2930294)
  • Dynamic Update for Windows 8 and Windows Server 2012 (KB2939103)

How to download and install the April 2014 security updates

windows updates april 2014

The updates are as usual available via Windows Update. This is usually the way they are deployed on most home systems as Windows Update is configured to automatically download and install security updates.

The updates are available already. You may want to check for updates manually as it may take a while before Windows checks for updates again.

To do so, press the Windows-key and enter "windows updates" and select that option to run a manual update check.

You can download all updates from Microsoft's Download Center as well. The company will release a security ISO containing this month's patches as well which you can download. It takes some time before it gets released though.

If you need more information, check out our Windows Update guide which covers everything there is to know about updating Windows.

Additional information

Summary
Article Name
Microsoft Security Bulletins For April 2014 overview
Description
A summary of April's security patches released by Microsoft for Windows, Office and other company products.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Some Dude said on March 19, 2023 at 11:42 am
    Reply

    Are these articles AI generated?

    Now the duplicates are more obvious.

    1. boris said on March 19, 2023 at 11:48 pm
      Reply

      This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.

  2. Paul(us) said on March 20, 2023 at 1:32 am
    Reply

    Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
    1.) Excel Keyboard Shortcuts by Trevor Monteiro.
    2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro

    Why oh why?

    1. Clairvaux said on September 6, 2023 at 11:30 am
      Reply

      Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?

  3. John G. said on August 18, 2023 at 4:36 pm
    Reply

    Probably they will announce that the taskbar will be placed at top, right or left, at your will.

    Special event by they is a special crap for us.

  4. yanta said on August 18, 2023 at 11:59 pm
    Reply

    If it’s Microsoft, don’t buy it.
    Better brands at better prices elsewhere.

  5. John G. said on August 20, 2023 at 4:22 am
    Reply

    All new articles have zero count comments. :S

  6. Anonymous said on September 5, 2023 at 7:48 am
    Reply

    WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
    It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage

    I have O365 until end of this year, mostly for onedrive and probably will jump into google one

  7. St Albans Digital Printing Inc said on September 5, 2023 at 11:53 am
    Reply

    Photo storage must be kept free because customers chose gadgets just for photos and photos only.

  8. Anonymous said on September 5, 2023 at 12:47 pm
    Reply

    What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?

    1. GG said on September 6, 2023 at 8:24 am
      Reply

      Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.

      I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.

      And now that they discovered what poor management results in do they go back and do the album feature properly?

      Nope, just charge the customer twice.

      Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.

  9. d3x said on September 5, 2023 at 7:33 pm
    Reply

    When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?

  10. Scroogled said on September 5, 2023 at 10:47 pm
    Reply

    Instead of a software company, Microsoft is now a fraud company.

  11. ard said on September 7, 2023 at 4:59 pm
    Reply

    For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
    quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
    unquote

    so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.

  12. Andy Prough said on September 7, 2023 at 6:52 pm
    Reply

    >”Now You: what is your theory?”

    That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.

    Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.

  13. TelV said on September 8, 2023 at 12:04 pm
    Reply

    Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.

  14. Anonymous said on September 18, 2023 at 1:23 pm
    Reply

    The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.