MS14-039: Description of the security update for Windows on-screen keyboard: July 8, 2014

Applies to: Windows RT 8.1Windows 8.1Windows 8.1 Enterprise More

Introduction


This security update resolves a vulnerability in Windows that could allow elevation of privilege if an attacker uses a vulnerability in a low-integrity process to execute the on-screen keyboard (OSK) and upload a specially crafted program to the target system.

Summary


Microsoft has released security bulletin MS14-039. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting

Help protect your Windows-based computer from viruses and malware: Virus and Security Solution Center

Local support according to your country:
International Support

More Information


Known issues with this security update

Known issue 1

  • After you install this security update on a Windows 7-based or Windows Vista-based tablet, the Tablet PC Input Panel keyboard cannot be moved with a stylus or touch input. (However, it can be moved with a mouse.)

    Note The Windows on-screen keyboard (osk.exe) is not affected by this issue.

    Resolution To resolve this issue, apply the hotfix that is described in the following article in the Microsoft Knowledge Base:
    2984930 Tablet PC Input Panel cannot be moved after you install update 2973201 in Windows 7 or Windows Vista
    Or, install the following update that contains hotfix 2984930 and fixes many other issues:
    3000061 MS14-058: Vulnerability in kernel-mode driver could allow elevation of privilege: October 14, 2014

Known issue 2

  • After you install this update, the z-order of the windows is changed. (The z-order calls the SetWindowPos function together with the HWND_TOP parameter.) Therefore, the windows of certain applications may become invisible or may be incorrectly displayed behind other windows.

    Resolution
    To resolve this issue, install update 2998984. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    2998984 You cannot dock MicroStation toolbars after you install update 2973201 in Windows
    Notes
    This issue also occurs after you install the following updates:
    • 2965768 Stop error 0x3B when an application changes the z-order of a window in Windows 7 SP1 and Windows Server 2008 R2 SP1
    • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

FILE INFORMATION


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.