Microsoft Security Bulletins For May 2014 overview

Martin Brinkmann
May 13, 2014
Updated • Jul 8, 2014
Microsoft, Windows Updates
|
7

Welcome to this month's overview of security bulletins and updates for Microsoft Windows, Office, and other Microsoft products.

This is the first month after end of support for the popular Windows XP operating system. Microsoft did release a patch for Windows XP after end of support to address a security issue in Internet Explorer, but made it clear that this was an exemption rather than something that XP users should get used to.

The company will reveal a total of eight security bulletins this month addressing vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Server Software, Productivity Software and the Microsoft's Net Framework.

Two of the bulletins have received the highest severity rating of critical, while the remaining six one of important.

Below you find all relevant information about those updates and additional updates that Microsoft released since April's Patch Day.

Executive Summary

  • A total of eight security bulletins are released that address 13 vulnerabilities across all products.
  • Affected products include the Windows operating system, Office and server software.
  • Two bulletins have received the highest severity rating of critical.
  • The top deployment priorities are MS14-024, MS14-025 and MS14-029.

Video Summary

Not yet released.

Operating System Distribution

All desktop-based Windows operating systems are affected by the same vulnerabilities. All are affected by one critical and three important bulletins.

The exception here is Windows RT which is only affected by one critical and two important bulletins.

On the server side of things, we see a similar picture. All server-based operating systems with the exception of Windows Server 2003 are affected by five bulletins of which four are rated important. Windows Server 2003 is only affected by three bulletins of which two have received the important rating.

Add one additional critical bulletin to all desktop operating systems and one additional moderate bulletin to all server operating systems for the out of band MS14-021 release.

  • Windows Vista: 1 critical, 3 important
  • Windows 7:   1 critical, 3 important
  • Windows 8:  1 critical, 3 important
  • Windows 8.1: 1 critical, 3 important
  • Windows RT: 1 critical, 2 important
  • Windows RT 8.1:  1 critical, 2 important
  • Windows Server 2003: 2 important, 1 moderate
  • Windows Server 2008: 4 important, 1 moderate
  • Windows Server 2008 R2: 4 important, 1 moderate
  • Windows Server 2012: 4 important, 1 moderate
  • Windows Server 2012 R2: 4 important, 1 moderate
  • Server Core installation: 3 important

Other Microsoft Product Distribution

Two bulletins affect all Office products, and all are affected by two bulletins rated important. The same is true for all affected SharePoint Server and Office Web Apps products, only that they are affected by one critical bulletin each.

  • Microsoft Office 2007: 2 important
  • Microsoft Office 2010: 2 important
  • Microsoft Office 2013: 2 important
  • Microsoft Office 2013 RT: 2 important
  • Microsoft SharePoint Server 2007: 1 critical
  • Microsoft SharePoint Server 2010: 1 critical
  • Microsoft SharePoint Server 2013: 1 critical
  • Microsoft Office Web Apps 2010: 1 critical
  • Microsoft Office Web Apps 2013: 1 critical
  • SharePoint Server 2013 Client Components SDK: 1 critical
  • Microsoft SharePoint Designer 2007 - 2013: 1 critical

Deployment Guide

Microsoft publishes an official deployment guide each month that suggests a deployment priority for all bulletins it released in that month.

It is by no means mandatory to follow the guide, but since bulletin severity levels, known exploits and attacks, are taken into account, it is usually the way to go as the most severe issues will get patched as soon as possible.

Not yet released. Microsoft recommends to concentrate on MS14-024, MS14-025 and MS14-029 first.

Security Bulletins

The following bulletins have been released in May 2014. Use the links to open the bulletins on Microsoft's website.

  • MS14-021  - (Released out-of-band on May 1, 2014) -  Security Update for Internet Explorer (2965111) - Critical - Remote Code Execution
  • MS14-029 - Security Update for Internet Explorer (2962482) - Critical - Remote Code Execution
  • MS14-022 -Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166) - Critical- Remote Code Execution
  • MS14-023 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037) - Important - Remote Code Execution
  • MS14-025 - Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486) - Important - Elevation of Privileges
  • MS14-026 -Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732) - - Important - Elevation of Privileges
  • MS14-027 -Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488) - - Important - Elevation of Privileges
  • MS14-028 -Vulnerability in iSCSI Could Allow Denial of Service (2962485) - Important - Denial of Service
  • MS14-024 -Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033) - Important -  Security Feature Bypass

Security related updates

Microsoft has released security updates to existing bulletins or products as well. You find those listed in this section.

  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2962140)
  • Security Update for Windows 8.1 and Windows RT 8.1 (KB2964757) without KB2919355
  • MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)
  • MS14-021: Security Update for Internet Explorer (KB2964358)
  • MS14-021: Security Update for Internet Explorer (KB2964444)
  • Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB2961887)
  • MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)

Security Advisories

Microsoft has released the following security advisories.

Non-security related updates

This list highlights non-security related updates for various Microsoft products.

Update for Windows Server 2008 R2 x64 Edition (KB2852386)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2920540)
Update for Windows 8.1 (KB2932074)
Update for Windows 8.1 and Windows 7 (KB2932354)
Update for Windows Server 2008 R2 (KB2934950)
Update for Windows Server 2008 R2 (KB2934953)
Update for Windows Server 2012 Essentials (KB2934957)
Update for Windows 8 and Windows RT (KB2938459)
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2939153)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2950153)
Update for .NET Native on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2954879)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955163)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2955164)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2956037)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2956575)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958262)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958263)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958265)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2965065)
Windows Malicious Software Removal Tool - May 2014 (KB890830)/Windows Malicious Software Removal Tool - May 2014 (KB890830) - Internet Explorer Version
System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [May 2014]
Update for Windows 8 (KB2802618)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows 7 (KB2952664)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2959977)
Update for Windows 7 (KB2952664)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows Server 2012 R2 (KB2919394)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2928680)

How to download and install the May 2014 security updates

windows updates may 2014

You do not need to do anything if you have configured your Windows system to update automatically. If you have not changed update related settings, that is how this month's updates will be delivered to the PC system.

It is recommended that you check for updates manually to reduce the time it takes for the system to pick up the updates. To do so, tap on the Windows-key, enter Windows Update, and select the entry from the results. Here you need to click on the check for updates option to run a manual scan for updates.

Alternatives include downloading all security patches from Microsoft's Download Center either individually or as monthly security ISO images. Check out this page linking to all previously released security ISO images.

Check out our in-depth Windows update guide that explains everything in detail.

Additional information

Summary
Microsoft Security Bulletins For May 2014 overview
Article Name
Microsoft Security Bulletins For May 2014 overview
Description
The security update overview for May 2014 for Microsoft Windows and other Microsoft products.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Some Dude said on March 19, 2023 at 11:42 am
    Reply

    Are these articles AI generated?

    Now the duplicates are more obvious.

    1. boris said on March 19, 2023 at 11:48 pm
      Reply

      This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.

  2. Paul(us) said on March 20, 2023 at 1:32 am
    Reply

    Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
    1.) Excel Keyboard Shortcuts by Trevor Monteiro.
    2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro

    Why oh why?

    1. Clairvaux said on September 6, 2023 at 11:30 am
      Reply

      Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?

  3. John G. said on August 18, 2023 at 4:36 pm
    Reply

    Probably they will announce that the taskbar will be placed at top, right or left, at your will.

    Special event by they is a special crap for us.

  4. yanta said on August 18, 2023 at 11:59 pm
    Reply

    If it’s Microsoft, don’t buy it.
    Better brands at better prices elsewhere.

  5. John G. said on August 20, 2023 at 4:22 am
    Reply

    All new articles have zero count comments. :S

  6. Anonymous said on September 5, 2023 at 7:48 am
    Reply

    WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
    It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage

    I have O365 until end of this year, mostly for onedrive and probably will jump into google one

  7. St Albans Digital Printing Inc said on September 5, 2023 at 11:53 am
    Reply

    Photo storage must be kept free because customers chose gadgets just for photos and photos only.

  8. Anonymous said on September 5, 2023 at 12:47 pm
    Reply

    What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?

    1. GG said on September 6, 2023 at 8:24 am
      Reply

      Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.

      I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.

      And now that they discovered what poor management results in do they go back and do the album feature properly?

      Nope, just charge the customer twice.

      Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.

  9. d3x said on September 5, 2023 at 7:33 pm
    Reply

    When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?

  10. Scroogled said on September 5, 2023 at 10:47 pm
    Reply

    Instead of a software company, Microsoft is now a fraud company.

  11. ard said on September 7, 2023 at 4:59 pm
    Reply

    For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
    quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
    unquote

    so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.

  12. Andy Prough said on September 7, 2023 at 6:52 pm
    Reply

    >”Now You: what is your theory?”

    That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.

    Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.

  13. TelV said on September 8, 2023 at 12:04 pm
    Reply

    Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.

  14. Anonymous said on September 18, 2023 at 1:23 pm
    Reply

    The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.