Patch Tuesday April 2014 - XP's last breath

Filed Under: Uncategorized

Patch TuesdayThere has been an unusual amount of drama leading up to Patch Tuesday April 2014. If you listen to the media you might believe we are on the precipice of an apocalypse, overreacting to nothing or anything in between.

The reality first and foremost is that it is just another important day to apply patches. Microsoft released four patches fixing 11 vulnerabilities in Windows, Internet Explorer, Microsoft Word and Microsoft Publisher.

Adobe also released a patch for Flash Player today addressing four vulnerabilities.

First I will cover off the two critical Microsoft patches. One fixes the recently discovered zero-day vulnerability targeting Microsoft Word 2010.

While MS14-017 fixes the flaw in Word 2003 through Word 2013 for Mac and Windows, the flaw is only known to have been exploitable in the Word for Windows 2010.

MS14-018 fixes six privately reported vulnerabilities in Internet Explorer versions 6 through 11. Although it is believed that criminals are not actively exploiting these flaws, any time there is an issue with your web browser you should address it promptly.

MS14-019 and MS14-020 fix important vulnerabilities in Windows and Publisher. The Windows bug is related to the loading of CMD.EXE by scripts and potentially poorly written applications. It is similar to DLL load order vulnerabilities we wrote about in 2010.

Adobe's fixes are critical, but nothing of particular to note. While they include a cross-site scripting, buffer overflow, security bypass and use-after-free vulnerability this isn't meant to be a test of your knowledge of vulnerabilities.

As always, Adobe fixes are available from http://get.adobe.com/flashplayer.

To learn more about what all these vulnerability terms and acronyms mean, why not listen to our Techknow podcast on vulnerabilities?

Listen now:

Listen later:

Download Sophos Techknow - Understanding Vulnerabilities [MP3]:

, , , , , , , , ,

You might like

2 Responses to Patch Tuesday April 2014 - XP's last breath

  1. LindaB · 198 days ago

    12 patches for Windows 7 and only 3 for XP. Bit of a damp squib fo XP users.

  2. Blake · 197 days ago

    If you have Office 2013 installed on Windows 7 expect 660MB.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.