Today we released seven security bulletins addressing 66 unique CVEs. Two bulletins have a maximum severity rating of Critical and the other five have a maximum severity rating of Important. The table below is designed to help you prioritize the deployment of these updates for your environment.
Bulletin | Most likely attack vector | Max Bulletin Severity | Max XI (Exploitability Index) | Likely first 30 days impact | Platform mitigations and key notes |
---|---|---|---|---|---|
MS14-035 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | The CVE count (59) is the result of focusing on in-the-wild exploits last month. These are the May and June fixes for issues not under active attack. |
MS14-034 (Word 2007) | Victim opens malicious Office document. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | Issue addressed in embedded font parsing. Reachable via either doc or docx. Word 2010 and later not affected. |
MS14-036 (GDI+) | Victim opens a malicious graphics file or malicious PowerPoint document. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Issue addressed is in EMF+ record type parsing, an area we have not seen real-world attackers pursue recently. (Hence, the table lists the Word security update ahead of the GDI+ update.) |
MS14-033 (MSXML) | Victim browses to a malicious webpage or opens a malicious document, inadvertently sending local path name of downloaded file to attacker. Path name by default includes the user’s login name. | Important | 3 | Less likely to see widespread usage of information disclosure vulnerabilities. | Information disclosure only. |
MS14-030 (Terminal Services) | Attacker acting as man-in-the-middle at the start of a Remote Desktop session may be able to read information from or tamper with the RDP session. | Important | n/a | Less likely to see widespread usage of vulnerabilities enabling tampering. | The Terminal Services Network Level Authentication (NLA) feature mitigates this vulnerability; hosts that require NLA on the RDP listener are protected. |
MS14-031 (TCP) | Attacker initiates large number of connections with malformed TCP options. Each connection temporarily consumes non-paged pool memory longer than it should, leading to resource exhaustion. | Important | 3 | Less likely to see widespread usage of vulnerability allowing resource exhaustion denial-of-service only. | Attacker must control TCP Options fields. Attacker would be unable to cause denial-of-service for systems behind network infrastructure that overwrites the TCP Options field. |
MS14-032 (Lync Server XSS) | Victim clicks on a specially-crafted malicious link to an established Lync meeting. Attacker can take action in the context of the Lync Server service that the victim would normally have access to take. | Important | 3 | Less likely to see widespread usage of this vulnerability. | XSS-style vulnerability. |
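As an added example (not part of this bulletin post or of any Microsoft tool), the following PowerShell audits the mitigation the table notes for MS14-030: whether Network Level Authentication is required on the host's RDP-Tcp listener, and optionally enforces it. It reads the Win32_TSGeneralSetting WMI class and cross-checks the matching registry values; the function names and the MS14030Mitigated field are our own, and the enforce step assumes an elevated session on Windows Vista / Server 2008 or later.

```powershell
# Added example, not code from the MSRC post: audit (and optionally enforce) the
# NLA mitigation for MS14-030 on the local RDP-Tcp listener.
# Assumes the Terminal Services WMI provider (Vista / Server 2008 and later) and,
# for Set-RdpNlaRequired, an elevated session. Function names are our own.

function Get-RdpNlaStatus {
    [CmdletBinding()]
    param([string]$TerminalName = 'RDP-Tcp')

    # WMI view of the listener's security settings.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
                        -Filter "TerminalName='$TerminalName'"
    if (-not $ts) { throw "Listener '$TerminalName' not found" }

    # Registry view of the same values; the two should agree unless a policy
    # has written only one of them.
    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$TerminalName"
    $reg = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
    $nlaInRegistry = $null
    if ($reg -and $null -ne $reg.UserAuthentication) {
        $nlaInRegistry = [bool]$reg.UserAuthentication
    }

    # SecurityLayer: 0 = RDP Security Layer, 1 = Negotiate, 2 = SSL/TLS (informational).
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL/TLS' }

    [pscustomobject]@{
        Listener         = $TerminalName
        NlaRequired      = [bool]$ts.UserAuthenticationRequired
        NlaInRegistry    = $nlaInRegistry
        SecurityLayer    = $layerNames[[int]$ts.SecurityLayer]
        # Per the bulletin table, NLA is the platform mitigation for MS14-030.
        MS14030Mitigated = [bool]$ts.UserAuthenticationRequired
    }
}

function Set-RdpNlaRequired {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$TerminalName = 'RDP-Tcp')

    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
                        -Filter "TerminalName='$TerminalName'"
    if (-not $ts) { throw "Listener '$TerminalName' not found" }

    if ($PSCmdlet.ShouldProcess($TerminalName, 'Require Network Level Authentication')) {
        # Caveat: once NLA is required, clients without CredSSP support can no
        # longer connect, so test against your oldest supported RDP client first.
        $result = $ts.SetUserAuthenticationRequired(1)
        if ($result.ReturnValue -ne 0) {
            throw "SetUserAuthenticationRequired failed with code $($result.ReturnValue)"
        }
    }
    Get-RdpNlaStatus -TerminalName $TerminalName
}

# Usage: report the listener state and warn when the mitigation is absent.
$status = Get-RdpNlaStatus
$status | Format-List
if (-not $status.MS14030Mitigated) {
    Write-Warning 'NLA is not required on RDP-Tcp; the MS14-030 man-in-the-middle vector applies until the update is installed.'
    # Set-RdpNlaRequired -WhatIf   # preview the change; drop -WhatIf to enforce
}
```

Run the audit across a fleet (for example with Invoke-Command) to find hosts where the RDP update cannot be deployed immediately and NLA is off; those are the ones where the MS14-030 tampering vector is actually reachable.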
- Jonathan Ness, MSRC engineering team