Internet Explorer new zero day vulnerability

Microsoft Releases April 2014 Security Bulletins.
Below you’ll find all the latest information on these updates.

1.Bulletin ID: MS14-017
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office,
Microsoft Office Services,
Microsoft Office Web Apps

Bulletin Executive Summary:

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

2.Bulletin ID: MS14-018
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows,
Internet Explorer

Bulletin Executive Summary:

Cumulative Security Update for Internet Explorer (2950467) 

This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

3.Bulletin ID: MS14-019
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows

Bulletin Executive Summary:

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker’s specially crafted files and subsequently convince them to run them.

4.Bulletin ID: MS14-020
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office

Bulletin Executive Summary:

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Follow us on Google+Twitter or Facebook