-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2014-030

Title: Multiple vulnerabilities in Microsoft products

Version history:
11.03.2014 Initial publication

Summary
=======
Microsoft released five bulletins [1] to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. The update for Internet Explorer addresses the issue first described in Security Advisory 2934088 [2], and is hence the most important.

Additionally, of notice is the MS14-014, which provides an update to address a security feature bypass in Silverlight. The issue wasn�t publicly known and it isn�t under active attack, however it can impact your security in ways that aren�t always obvious. Specifically, the update removes an avenue attackers could use to bypass ASLR protections. Fixes like this one increase the cost of exploitation to an attacker, who must now find a different way to make their code execution exploit reliable [3].

Vulnerable systems
==================
Microsoft Windows XP
Microsoft Windows Server 2003
Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Microsoft Silverlight

What can you do?
================
Microsoft recommends that customers apply the update at the earliest
opportunity using update management software, or by checking for updates
using the Microsoft Update service.

What to tell your users?
========================
N/A

More information
================
[1] http://technet.microsoft.com/en-us/security/bulletin/ms14-mar
[2] http://technet.microsoft.com/en-us/security/advisory/2934088
[3] http://blogs.technet.com/b/msrc/archive/2014/03/11/the-march-2014-security-updates.aspx

Best regards,
CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJTHx2vAAoJEPpzpNLI8SVo1NAP/jykOz5FNuQgaOot1kuu7DNg
DAUb7Vc6G4rADdWs/8/9o4RPqYVYD1nceaiyvY0BOfkb0GHmmslrqzjPl110UYLn
kEKvrwGdLnAcwG9tQDr0jSlBNKT4xHbEoyW6AMfFSL2ZPvlpbs91yRXqCjuFg4oS
ws0r11PAW9FF6Ot+Wc5fGDfrNrj7Z2TrAoHvOgQjxNW0sWq0nz+aNC64v+HEI4fu
s2+WZ/bW93LQtXRMiyiC2TThvkCj+eHRckZcKw9T6Yygku55HTB4ZvzSzqNXYnvJ
H06WzkPIiL+oBwzKzrszW8uQKg1WMmRor562WSGpzu1viCve23VNWWs+/88lWYbX
JcYcHtAHGDmCIi86+3Uz/NmsPyEZv2WqJCe1J+16s2Q7q9Bx7M3oozAJhjztV5pC
56CMeUpUrh9wDqZxHK9KDuypT0/Y3Vej+r08zBqKQJ55Acvo41Dp+oRJSz+uKZ4e
qQkKPnraNogsK+TYiZSfn+zRl8x8uoW9wTsqxNydTZFDCx7UAU9XywlibdOEnjZy
xMEy4GW3Y3dc9PC+YXv0eZFPUpiixPZKRTZQEG0XZXdsStVZShzvDEW/b5KgNQm/
z1tpTxI5DcJHA3lIXHlVaJNP5Ciy2uAgybWPVKj6iaueDVC1qCZ2XKvImbkzVXbo
sEAw8t3gI2eHrFKsTQBF
=KdH0
-----END PGP SIGNATURE-----