Microsoft Security Bulletin MS14-012 – Critical


This security update resolves sixteen privately reported and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients, Moderate for Internet Explorer 6, Internet Explorer 7 on Windows servers, and Important for Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Security Update for Flash Player (2938527)

On March 11th, a security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB14-08. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory.

Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

— Wilson Guo, Program Manager, Internet Explorer

Comments (6)

  1. other language blogs says:

    Translation of the following report, and when is it?

    I need your help earlier.

    It has stopped with the report of "Modern IE."

  2. Ian McCoy says:

    Please take the following into consideration.

    Missing shortcut:

    While holding the Ctrl button, if you press browser's back or forward button it should open the corresponding (previous or next) page in new tab. This behavior is present in Firefox, Chrome and Safari.

    Incomplete implementation:

    While holding the Ctrl button if you press 0 (zero) on qwerty keyboard, the zoomed page is reverted to normal. But if the 0 is pressed on numpad, the shortcut doesn't work.

  3. hhh says:

    Firefox, Safari And Internet Explorer(Version 11etc) Are All Broken At Pwn2Own

    http://www.techweekeurope.co.uk/…/firefox-safari-ie-pwn2own-hacks-141407

  4. __hAl__ says:

    @hhh

    Chrome was also hacked twice at pwn2own even though they patched chrome the day before the competition…

  5. Dia Vandy says:

    Update fail, error: 80070057

  6. FLEET COMMANDER says:

    ░░░░░███████ ]▄▄▄▄▄▄▄▄ { give us MathML, APNG and WEBGLv1.0.3 support }

    ▂▄▅██████████▅▄▃▂

    Il███████████████████].

    ◥⊙▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙◤..