Welcome to this month's overview of security bulletins and updates for Microsoft Windows, Office, and other Microsoft products.
This is the first month after end of support for the popular Windows XP operating system. Microsoft did release a patch for Windows XP after end of support to address a security issue in Internet Explorer, but made it clear that this was an exemption rather than something that XP users should get used to.
The company will reveal a total of eight security bulletins this month addressing vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Server Software, Productivity Software and the Microsoft's Net Framework.
Two of the bulletins have received the highest severity rating of critical, while the remaining six one of important.
Below you find all relevant information about those updates and additional updates that Microsoft released since April's Patch Day.
Executive Summary
Video Summary
Not yet released.
Operating System Distribution
All desktop-based Windows operating systems are affected by the same vulnerabilities. All are affected by one critical and three important bulletins.
The exception here is Windows RT which is only affected by one critical and two important bulletins.
On the server side of things, we see a similar picture. All server-based operating systems with the exception of Windows Server 2003 are affected by five bulletins of which four are rated important. Windows Server 2003 is only affected by three bulletins of which two have received the important rating.
Add one additional critical bulletin to all desktop operating systems and one additional moderate bulletin to all server operating systems for the out of band MS14-021 release.
Other Microsoft Product Distribution
Two bulletins affect all Office products, and all are affected by two bulletins rated important. The same is true for all affected SharePoint Server and Office Web Apps products, only that they are affected by one critical bulletin each.
Deployment Guide
Microsoft publishes an official deployment guide each month that suggests a deployment priority for all bulletins it released in that month.
It is by no means mandatory to follow the guide, but since bulletin severity levels, known exploits and attacks, are taken into account, it is usually the way to go as the most severe issues will get patched as soon as possible.
Not yet released. Microsoft recommends to concentrate on MS14-024, MS14-025 and MS14-029 first.
Security Bulletins
The following bulletins have been released in May 2014. Use the links to open the bulletins on Microsoft's website.
Security related updates
Microsoft has released security updates to existing bulletins or products as well. You find those listed in this section.
Security Advisories
Microsoft has released the following security advisories.
Non-security related updates
This list highlights non-security related updates for various Microsoft products.
Update for Windows Server 2008 R2 x64 Edition (KB2852386)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2920540)
Update for Windows 8.1 (KB2932074)
Update for Windows 8.1 and Windows 7 (KB2932354)
Update for Windows Server 2008 R2 (KB2934950)
Update for Windows Server 2008 R2 (KB2934953)
Update for Windows Server 2012 Essentials (KB2934957)
Update for Windows 8 and Windows RT (KB2938459)
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2939153)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2950153)
Update for .NET Native on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2954879)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955163)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2955164)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2956037)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2956575)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958262)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958263)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958265)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2965065)
Windows Malicious Software Removal Tool - May 2014 (KB890830)/Windows Malicious Software Removal Tool - May 2014 (KB890830) - Internet Explorer Version
System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [May 2014]
Update for Windows 8 (KB2802618)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows 7 (KB2952664)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2959977)
Update for Windows 7 (KB2952664)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows Server 2012 R2 (KB2919394)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2928680)
How to download and install the May 2014 security updates
You do not need to do anything if you have configured your Windows system to update automatically. If you have not changed update related settings, that is how this month's updates will be delivered to the PC system.
It is recommended that you check for updates manually to reduce the time it takes for the system to pick up the updates. To do so, tap on the Windows-key, enter Windows Update, and select the entry from the results. Here you need to click on the check for updates option to run a manual scan for updates.
Alternatives include downloading all security patches from Microsoft's Download Center either individually or as monthly security ISO images. Check out this page linking to all previously released security ISO images.
Check out our in-depth Windows update guide that explains everything in detail.
Additional information
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Thanks.
Dear Microsoft
Please can you release the Knowledge Base articles the same time you release the updates so people don’t just get the “Oops! The page you are looking for may have a new location, or is no longer available.” error message.
Sincerely
EVERYONE!
I’m using an XP laptop and just received an automatic update offer for the MS Malicious Software Removal Tool! I have always refused to install this tool because the privacy policy is akin to the NSA’s. Maybe that’s why Microsoft offered this update, and not the others. Or they believe people on XP don’t have third-party security software installed? Anyway, support for XP is not ended. Or something.
The Malicious Software Removal Tool (MSRT) will be updated and available monthly for XP users until June 2015 (the same date as Microsoft Security Essentials definitions updates for XP).
As far as I know, that tool only reports to Microsoft if an infection is found, and you can disable that with a registry setting.
Microsoft just offered Security Update CAPICOM (KB931906) on my XP. So they ARE still offering XP updates. This update may be related to MS Security Essentials, not sure. I don’t have Security Essentials installed on my computer. I haven’t been able to find out very much about this update, but I’ll install it since it sounds like a very serious threat could occur. I don’t know why Microsoft would offer this update to computers that don’t have Security Essentials installed, if this update is for it.
The Malicious Software Removal Tool’s agreement says something about Microsoft being able to watch your computer anytime after the tool is run without your knowledge. See it in the license agreement that maybe no one really reads.
Well according to this page, it has been released in 2007: https://www.microsoft.com/en-us/download/details.aspx?id=3207
Yes, and also it’s for Service Pack 2. I have SP3. Crazy – 2007?!