Microsoft Security Bulletins For May 2014 overview
Welcome to this month's overview of security bulletins and updates for Microsoft Windows, Office, and other Microsoft products.
This is the first month after end of support for the popular Windows XP operating system. Microsoft did release a patch for Windows XP after end of support to address a security issue in Internet Explorer, but made it clear that this was an exemption rather than something that XP users should get used to.
The company will reveal a total of eight security bulletins this month addressing vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Server Software, Productivity Software and the Microsoft's Net Framework.
Two of the bulletins have received the highest severity rating of critical, while the remaining six one of important.
Below you find all relevant information about those updates and additional updates that Microsoft released since April's Patch Day.
Executive Summary
- A total of eight security bulletins are released that address 13 vulnerabilities across all products.
- Affected products include the Windows operating system, Office and server software.
- Two bulletins have received the highest severity rating of critical.
- The top deployment priorities are MS14-024, MS14-025 and MS14-029.
Video Summary
Not yet released.
Operating System Distribution
All desktop-based Windows operating systems are affected by the same vulnerabilities. All are affected by one critical and three important bulletins.
The exception here is Windows RT which is only affected by one critical and two important bulletins.
On the server side of things, we see a similar picture. All server-based operating systems with the exception of Windows Server 2003 are affected by five bulletins of which four are rated important. Windows Server 2003 is only affected by three bulletins of which two have received the important rating.
Add one additional critical bulletin to all desktop operating systems and one additional moderate bulletin to all server operating systems for the out of band MS14-021 release.
- Windows Vista: 1 critical, 3 important
- Windows 7:Â Â 1 critical, 3 important
- Windows 8:Â 1 critical, 3 important
- Windows 8.1: 1 critical, 3 important
- Windows RT: 1 critical, 2 important
- Windows RT 8.1:Â 1 critical, 2 important
- Windows Server 2003: 2 important, 1 moderate
- Windows Server 2008: 4 important, 1 moderate
- Windows Server 2008 R2: 4 important, 1 moderate
- Windows Server 2012: 4 important, 1 moderate
- Windows Server 2012 R2: 4 important, 1 moderate
- Server Core installation: 3 important
Other Microsoft Product Distribution
Two bulletins affect all Office products, and all are affected by two bulletins rated important. The same is true for all affected SharePoint Server and Office Web Apps products, only that they are affected by one critical bulletin each.
- Microsoft Office 2007: 2 important
- Microsoft Office 2010: 2 important
- Microsoft Office 2013: 2 important
- Microsoft Office 2013 RT: 2 important
- Microsoft SharePoint Server 2007: 1 critical
- Microsoft SharePoint Server 2010: 1 critical
- Microsoft SharePoint Server 2013: 1 critical
- Microsoft Office Web Apps 2010: 1 critical
- Microsoft Office Web Apps 2013: 1 critical
- SharePoint Server 2013 Client Components SDK: 1 critical
- Microsoft SharePoint Designer 2007 - 2013: 1 critical
Deployment Guide
Microsoft publishes an official deployment guide each month that suggests a deployment priority for all bulletins it released in that month.
It is by no means mandatory to follow the guide, but since bulletin severity levels, known exploits and attacks, are taken into account, it is usually the way to go as the most severe issues will get patched as soon as possible.
Not yet released. Microsoft recommends to concentrate on MS14-024, MS14-025 and MS14-029 first.
Security Bulletins
The following bulletins have been released in May 2014. Use the links to open the bulletins on Microsoft's website.
- MS14-021Â - (Released out-of-band on May 1, 2014) -Â Security Update for Internet Explorer (2965111) - Critical - Remote Code Execution
- MS14-029 - Security Update for Internet Explorer (2962482) - Critical - Remote Code Execution
- MS14-022 -Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166) - Critical- Remote Code Execution
- MS14-023 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037) - Important - Remote Code Execution
- MS14-025 - Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486) - Important - Elevation of Privileges
- MS14-026 -Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732) - - Important - Elevation of Privileges
- MS14-027 -Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488) - - Important - Elevation of Privileges
- MS14-028 -Vulnerability in iSCSI Could Allow Denial of Service (2962485) - Important - Denial of Service
- MS14-024 -Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033) - Important -Â Security Feature Bypass
Security related updates
Microsoft has released security updates to existing bulletins or products as well. You find those listed in this section.
- Security Update for Windows 8.1 and Windows RT 8.1 (KB2962140)
- Security Update for Windows 8.1 and Windows RT 8.1 (KB2964757) without KB2919355
- MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)
- MS14-021: Security Update for Internet Explorer (KB2964358)
- MS14-021: Security Update for Internet Explorer (KB2964444)
- Security Update for Internet Explorer Flash Player for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, and Windows Server 2012 (KB2961887)
- MS14-018: Security Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2919355)
Security Advisories
Microsoft has released the following security advisories.
- Security Advisory 2871997 update for Windows 8 and windows Server 2012.
- Security Advisory 2960358 disables Rivest Cipher 4 in Transport Layer Security (TLS).
- Security Advisory 2962824 revokes digital signature for a specific UEFI module.
- Security Advisory 2755801 updates Adobe Flash Player in Internet Explorer.
Non-security related updates
This list highlights non-security related updates for various Microsoft products.
Update for Windows Server 2008 R2 x64 Edition (KB2852386)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2920540)
Update for Windows 8.1 (KB2932074)
Update for Windows 8.1 and Windows 7 (KB2932354)
Update for Windows Server 2008 R2 (KB2934950)
Update for Windows Server 2008 R2 (KB2934953)
Update for Windows Server 2012 Essentials (KB2934957)
Update for Windows 8 and Windows RT (KB2938459)
Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2939153)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2950153)
Update for .NET Native on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2954879)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2955163)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2955164)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2956037)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2956575)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958262)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958263)
Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2958265)
Update for Windows 8.1 and Windows Server 2012 R2 (KB2965065)
Windows Malicious Software Removal Tool - May 2014 (KB890830)/Windows Malicious Software Removal Tool - May 2014 (KB890830) - Internet Explorer Version
System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [May 2014]
Update for Windows 8 (KB2802618)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2934016)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows 7 (KB2952664)
Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2959977)
Update for Windows 7 (KB2952664)
Update for Windows 8 and Windows RT (KB2957026)
Update for Windows Server 2012 R2 (KB2919394)
Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2928680)
How to download and install the May 2014 security updates
You do not need to do anything if you have configured your Windows system to update automatically. If you have not changed update related settings, that is how this month's updates will be delivered to the PC system.
It is recommended that you check for updates manually to reduce the time it takes for the system to pick up the updates. To do so, tap on the Windows-key, enter Windows Update, and select the entry from the results. Here you need to click on the check for updates option to run a manual scan for updates.
Alternatives include downloading all security patches from Microsoft's Download Center either individually or as monthly security ISO images. Check out this page linking to all previously released security ISO images.
Check out our in-depth Windows update guide that explains everything in detail.
Additional information
- Microsoft Security Response Center blog on the 2014 Bulletin Release
- Microsoft Security Bulletin Summary for May 2014
- List of software updates for Microsoft products 2014
Are these articles AI generated?
Now the duplicates are more obvious.
This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro
Why oh why?
Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
Probably they will announce that the taskbar will be placed at top, right or left, at your will.
Special event by they is a special crap for us.
If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
All new articles have zero count comments. :S
WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage
I have O365 until end of this year, mostly for onedrive and probably will jump into google one
Photo storage must be kept free because customers chose gadgets just for photos and photos only.
What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
And now that they discovered what poor management results in do they go back and do the album feature properly?
Nope, just charge the customer twice.
Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Instead of a software company, Microsoft is now a fraud company.
For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote
so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
>”Now You: what is your theory?”
That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.
Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.