The remaining “Critical” bulletin is MS14-013. If exploited, this vulnerability could allow attackers remote code execution in the application programming interface DirectShow via specially crafted image files. MS14-014, meanwhile, addresses a security concern for Microsoft Silverlight for both Windows and Mac users. Though Silverlight is no longer being developed by Microsoft, support for this program will continue until October 2021.
Two vulnerabilities, CVE-2014-0300 and CVE-2014-0323, are addressed by the bulletin MS14-015. If exploited, these could allow attackers to execute a malicious application, provided they have a valid logged-in session. MS14-016 fixes the vulnerability that could allow attackers a security feature bypass if they make multiple attempts to match passwords to a user account.
This month’s Patch Tuesday marks the looming end-of-support for Windows XP. Come April, Windows XP will no longer receive security patches for their computers, making them vulnerable to all sorts of attacks. We recommend that users to update their OS to newer versions of Windows to continue to receive protection via security patches.
Adobe has also released updates in time for Patch Tuesday, with security updates for Adobe Flash Player.
We encourage users to apply these updates as soon as possible. Additional information may also be found in the Trend Micro Threat Encyclopedia page. Appropriate rules for Trend Micro Deep Security have also been created and are available for use by system administrators.