Microsoft Releases 14 Critical Security Updates, Patches Zero-Day Vulnerabilities
Microsoft has released a batch of 14 security bulletins this month, addressing a range of vulnerabilities in its software and applications. The updates include fixes for critical issues and a zero-day vulnerability that has been exploited in the wild.
Among the most pressing issues, bulletin MS14-064 tackles a current 0-day vulnerability (CVE-2014-6352) in the Windows OLE packager for Vista and newer versions. This vulnerability can be exploited by sending malicious PowerPoint files to targets for code execution. Another critical bulletin, MS14-065, addresses 17 vulnerabilities in Internet Explorer, with the most severe allowing attackers to gain control over targeted machines via malicious webpages.
Earlier this year, Microsoft 365 released security updates in November 2014, including a fix for a zero-day vulnerability in the Microsoft OLE packaging for Windows Vista and older versions. This month, bulletin MS14-069 fixes a Remote Code Execution (RCE) vulnerability in Microsoft Word 2007, exploitable through malicious documents sent to targets. Additionally, bulletin MS14-078 fixes a vulnerability (CVE-2014-4077) in a Windows component for Japanese input, exploitable in conjunction with another vulnerability through mal-formatted Adobe PDF documents.
Microsoft has also addressed several server vulnerabilities this month. Bulletin MS14-073 patches issues in Microsoft SharePoint, while MS14-076 fixes problems in IIS. Notably, Microsoft has held back one critical Windows vulnerability and an Exchange patch due to last-minute stability issues, which will be released next month. Lastly, Microsoft ranks bulletin MS14-066 highly, addressing multiple vulnerabilities in the Windows Schannel encryption component used for SSL and TLS connections.
In total, Microsoft has released 14 bulletins this month, addressing a wide range of vulnerabilities in its software and applications. Users are advised to apply these updates promptly to protect against potential security threats.
Read also:
- First Barge in 2025 Arrives at Onitsha River Port, Sparking Economic Hopes
- Tony Hawk's Memorabilia Auction Raises Record $1.2M for Skatepark Project
- Customs Raid in Germany's Hotel Industry Finds 12 Illegally Present Workers
- Trade Disputes Escalate: Trump Imposes Tariffs, India Retaliates; threatened boycott ranges from McDonald's, Coca-Cola to iPhones
