Microsoft released five updates for a total of 23 CVEs for the March Patch Tuesday. Two patches are rated critical and the remaining bulletins are rated Important. Russ Ernst, director, product management at Lumension, provides more information on this month’s updates. Click through for more information on the March Patch Tuesday updates, provided by Russ […]
Microsoft released five updates for a total of 23 CVEs for the March Patch Tuesday. Two patches are rated critical and the remaining bulletins are rated Important. Russ Ernst, director, product management at Lumension, provides more information on this month’s updates.
Click through for more information on the March Patch Tuesday updates, provided by Russ Ernst, director, product management, Lumension.
MS14-012: Critical
Not surprisingly, the first on the list, MS14-012, is another cumulative update to all versions of Internet Explorer. It fixes 18 CVEs, including the IE Zero Day we saw last month that Microsoft addressed with the release of security advisory 2934088 on February 19. Anymore, it’s cause for pause when we don’t see an IE update in Microsoft’s Patch Tuesday; it’s a popular browser and a favorite among attackers. Internet Explorer accounted for 27 percent of all Microsoft vulnerabilities last year, making it the most targeted Microsoft application. While updating IE, make sure you also include the Flash Player update from Adobe released on February 20.
MS14-013: Critical
MS14-013 is the second critical bulletin this month. Addressing CVE 2014-0301, this vulnerability could allow a remote code execution in DirectShow for all supported versions of Windows. The attack method requires a user to click on a specially crafted JPEG file in IE, although there are no known active attacks.
MS14-014: Important
MS14-014 is an important rated bulletin for a security feature bypass in Silverlight for both Windows and Mac; there are no known active attacks at this time. Since this is a heterogeneous vulnerability, make sure your desktop team has their Macs in the update queue. Silverlight is no longer under development by Microsoft but the company has said they will support it through October 2021.
MS14-015: Important
CVE 2014-0323 and CVE 2014-0300 are both addressed with MS14-015. They are for vulnerabilities in Windows Kernel Mode Driver that could allow a remote code execution.
MS14-016: Important
The final bulletin for this Patch Tuesday is MS14-016. It covers one CVE for a vulnerability in Security Account Manager Remote Protocol that could allow a security feature bypass. In this instance, an attacker could lock out a user account if they have account name using return status codes and brute force to break the password.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
