MS14-039: Description of the security update for Windows on-screen keyboard: July 8, 2014

Introduction

This security update resolves a vulnerability in Windows that could allow elevation of privilege if an attacker uses a vulnerability in a low-integrity process to execute the on-screen keyboard (OSK) and upload a specially crafted program to the target system.

Summary

Microsoft has released security bulletin MS14-039. To learn more about this security bulletin:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals:
TechNet Security Support and Troubleshooting

Help protect your Windows-based computer from viruses and malware: Virus and Security Solution Center

Local support according to your country:
International Support

More Information

Known issues with this security update

Known issue 1

  • After you install this security update on a Windows 7-based or Windows Vista-based tablet, the Tablet PC Input Panel keyboard cannot be moved with a stylus or touch input. (However, it can be moved with a mouse.)

    Note The Windows on-screen keyboard (osk.exe) is not affected by this issue.

    Resolution To resolve this issue, apply the hotfix that is described in the following article in the Microsoft Knowledge Base:
    2984930 Tablet PC Input Panel cannot be moved after you install update 2973201 in Windows 7 or Windows Vista
    Or, install the following update that contains hotfix 2984930 and fixes many other issues:
    3000061 MS14-058: Vulnerability in kernel-mode driver could allow elevation of privilege: October 14, 2014

Known issue 2

  • After you install this update, the z-order of the windows is changed. (The z-order calls the SetWindowPos function together with the HWND_TOP parameter.) Therefore, the windows of certain applications may become invisible or may be incorrectly displayed behind other windows.

    Resolution
    To resolve this issue, install update 2998984. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    2998984 You cannot dock MicroStation toolbars after you install update 2973201 in Windows
    Notes
    This issue also occurs after you install the following updates:
    • 2965768 Stop error 0x3B when an application changes the z-order of a window in Windows 7 SP1 and Windows Server 2008 R2 SP1
    • 2970228 Update to support the new currency symbol for the Russian ruble in Windows
    • 2975719 August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

FILE INFORMATION

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.


Windows Vista and Windows Server 2008 file information
Windows 7 and Windows Server 2008 R2 file information
Windows 8 and Windows Server 2012 file information
Windows 8.1 and Windows Server 2012 R2 file information
Properties

Article ID: 2973201 - Last Review: Oct 16, 2014 - Revision: 1

Windows RT 8.1, Windows 8.1, Windows 8.1 Enterprise, Windows 8.1 Pro, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Essentials, Windows Server 2012 R2 Foundation, Windows Server 2012 R2 Standard, Windows RT, Windows 8, Windows 8 Enterprise, Windows 8 Pro, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Datacenter, Windows Server 2012 Essentials, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows Server 2012 Foundation, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows Server 2012 Standard, Windows 7 Service Pack 1, Windows 7 Enterprise, Windows 7 Professional, Windows 7 Ultimate, Windows 7 Home Premium, Windows 7 Home Basic, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Service Pack 2, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Datacenter, Windows Server 2008 Enterprise, Windows Server 2008 Standard, Windows Web Server 2008, Windows Vista Service Pack 2, Windows Vista Business, Windows Vista Enterprise, Windows Vista Home Basic, Windows Vista Home Premium, Windows Vista Starter, Windows Vista Ultimate, Windows Vista Enterprise 64-bit Edition, Windows Vista Home Basic 64-bit Edition, Windows Vista Home Premium 64-bit Edition, Windows Vista Ultimate 64-bit Edition, Windows Vista Business 64-bit Edition

Feedback