Microsoft released five updates fixing 23 vulnerabilities in Windows, Internet Explorer and Silverlight. Among the vulnerabilities fixed is a zero-day bug in Internet Explorer 9 and 10 being exploited in the wild.
A Cumulative Update for Internet Explorer accounts for 18 of the 23 vulnerabilities. One of these is the zero-day vulnerability that Microsoft acknowledged recently.
Today is the next-to-last Patch Tuesday for Windows XP and Office 2003. The updates include fixes for four vulnerabilities in Windows XP, but none in Office. XP users will also have updates for Internet Explorer.
The five specific updates are:
- MS14-012: Cumulative Security Update for Internet Explorer (2925418)
- MS14-013: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
- MS14-014: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
- MS14-015: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
- MS14-016: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
Microsoft has also released a large number of non-security updates for all versions of Windows.