Microsoft Security Bulletins For January 2014 overview

Here’s 2014’s first batch of Microsoft Security updates … and a possible explanation as to why your PC rebooted itself last night.

Welcome to the overview of Microsoft’s January 2014 patch Tuesday. Microsoft has released a total of four bulletins on the first patch day of the year 2014, all of which have received the maximum severity rating of important. A severity rating of important is the second-highest possible rating after critical. It means that at least one Microsoft product has received the severity rating, while others may have received the same rating, a lower rating, or none at all if they are not affected by the vulnerability.

The information below provide you with everything there is to know about the security patches and non-security patches that Microsoft has released this month, or after the last patch day.

We list the operating system and Office distribution so that you can easily look up the products that matter to you, provide you with a deployment guide, link to all security and non-security updates on the Microsoft website, and describe the various ways they can be downloaded and installed.

Operating System Distribution

Only two bulletins address issues in Microsoft server or client operating systems. Several operating systems, Windows Vista and all Windows 8 versions on the client side, and Windows Server 2008, Windows Server 2012 and Windows Server 2012 R2 on the server side are not affected at all this month.

All remaining operating systems, Windows XP and Windows 7 on the client side, and Windows Server 2003 and Windows Server 2008 R2 on the server side are affected by one of the bulletins only.

  • Windows XP:  1 important
  • Windows Vista: not affected
  • Windows 7:  1 important
  • Windows 8:  not affected
  • Windows 8.1: not affected
  • Windows RT: not affected
  • Windows RT 8.1:  not affected
  • Windows Server 2003: 1 important
  • Windows Server 2008: not affected
  • Windows Server 2008 R2: 1 important
  • Windows Server 2012: not affected
  • Windows Server 2012 R2: not affected

Office Distribution

One of the remaining two bulletins impacts all Microsoft Office versions. It is interesting to note that it affects them all in the same way.

Each Office version has received the same severity rating of important.

  • Microsoft Office 2003: 1 important
  • Microsoft Office 2007: 1 important
  • Microsoft Office 2010: 1 important
  • Microsoft Office 2013: 1 important
  • Microsoft SharePoint Server 2010: 1 important
  • Microsoft SharePoint Server 2013: 1 important
  • Microsoft Office Web Apps 2010: 1 important
  • Microsoft Office Web Apps 2013: 1 important

Deployment Guide

deployment-priority-guide-january-2014

Microsoft releases a deployment guide each month that system administrators can use as a guideline for deployment.

The top priority this month is the MS14-002 vulnerability in Windows Kernel that could allow an elevation or privileges.

The company suggests the following deployment priority for this month’s bulletins.

  • Tier 1 updates: MS14-002 Kernel
  • Tier 2 updates: MS14-001 Word, MS14-003 KMD
  • Tier 3 updates: MS14-004 Dynamics AX

Security Bulletins

  • MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
  • MS14-002 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
  • MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
  • MS14-004Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

Other security-related information

  • Windows Malicious Software Removal Tool – January 2014 (KB890830)/Windows Malicious Software Removal Tool – January 2014 (KB890830) – Internet Explorer Version
  • Microsoft security advisory: Improperly issued digital certificates could allow spoofing – (KB2917500) – Security Update for Windows 8.1, Windows 8, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP
  • Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (revised) – (KB2755801)
  • Re-release of MS13-081 for systems where the initial update failed on (MS13-081)

Non-security related updates

  • Update for Windows 8.1, Windows RT 8.1, Windows 8, and Windows RT (KB2894853)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2904440)
  • Windows RT, Windows 8, and Windows Server 2012 update rollup: January 2014 –  (KB2911101) – Update for Windows 8, Windows RT, and Windows Server 2012
  • Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: January 2014 – (KB2911106) – Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2913270)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2913431)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2914220)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2917499)
  • Screen turns black when it rotates from portrait orientation to landscape orientation in Windows – (KB2917993) – Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
  • Description of Windows SharePoint Services 3.0 SP3 and of Windows SharePoint Services 3.0 Language Pack SP3 – (KB2526305) – Windows SharePoint Services 3.0 Service Pack 3 x64 Edition
  • Windows RT, Windows 8, and Windows Server 2012 update rollup: December 2013 – (KB2903938) – Update for Windows 8, Windows RT, and Windows Server 2012
  • Surface 2 prompts you for the BitLocker recovery key when you restart the device – (KB2921482) –  Update for Windows RT 8.1
  • AV_NULL_IP_BTHUSB!USBD_CreateHandle” Stop error on a Windows 8.1-based computer that has certain MediaTek drivers installed – (KB2917488) – Dynamic Update for Windows 8.1
  • Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: November 2013 – (KB2887595) – Update for Windows 8.1
  • Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: December 2013 – (KB2903939) – Update for Windows 8.1

How to download and install the December 2013 security updates

All security-related updates are available via Microsoft’s Windows Update service which means that the updates will be delivered automatically to most home users.

Users who have blocked the automatic update feature can download the latest security updates and regular updates from Microsoft’s Download Center website instead.

A DVD image containing all security updates of the month will also be made available soon.

It may make sense to download updates from Microsoft if they need to be deployed on multiple systems as it will save bandwidth in the progress.

It is alternatively possible to use third-party download tools to download all patches for Windows and other Microsoft products.

Additional information

Link to Original Content

Tags: , , , ,

Comments are closed.