Last updated at Fri, 21 Jul 2017 20:41:19 GMT
2014 is off to a light start with Microsoft, as January was a very quiet month for patches. There were only four advisories released this afternoon.
For the first time in quite a while, there is not a cumulative IE roll up patch. I believe that this means the IE team was finally allowed to take a vacation after the grueling year they had in 2013. However, I certainly expect them back in February.
The second bulletin, MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back in November with some limited exploitation in the wild. The issue only affects Windows XP and 2003 systems, but if you are running those I would consider this something to patch quickly.
The third bulletin is another elevation of privilege issue affecting Windows 7 and 2008, so if you dodged a bullet with CVE-2013-5065, you are still impacted by this one. You won't be able to get out of it this month.
The fourth bulletin is a denial of service in the seldom seen Microsoft Dynamics product. This is about as marginal a concern as you can get to in terms of MS advisories.
It's a pretty easy prioritization this month, patch MS14-002 if it applies to you, then 001 and 003 if it also applies. If you are worried about 002 and not 003, you are likely going to have some problems come April when support ends for Windows XP. Patch the DoS in MS Dynamics when you are really bored sometime… no, just kidding. If you have Dynamics in your environment, don't overlook this patch. It's the type of system where downtime can have a material cost to your business.
