Microsoft Patch Tuesday – October 2014 

10-14-2014 04:37 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month, the vendor is releasing eight bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-oct

The following is a breakdown of the issues being addressed this month:

  1. MS14-056 Cumulative Security Update for Internet Explorer (2987107)

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-4123) MS Rating: Important

    An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability does not allow arbitrary code to be run. However, it could be exploited in conjunction with another vulnerability that could take advantage of the elevated privileges when running arbitrary code.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-4124) MS Rating: Important

    An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability does not allow arbitrary code to be run. However, it could be exploited in conjunction with another vulnerability that could take advantage of the elevated privileges when running arbitrary code.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4126) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4127) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4128) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4129) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4130) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4132) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4133) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4134) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4137) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4138) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2014-4140) MS Rating: Important

    A security feature bypass vulnerability exists in Internet Explorer that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

    .NET ClickOnce Elevation of Privilege Vulnerability (CVE-2014-4073) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system.

    .NET Framework Remote Code Execution Vulnerability (CVE-2014-4121) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft .NET Framework improperly parses internationalized resource identifiers. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    .NET ASLR Vulnerability (CVE-2014-4122) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

  3. MS14-058 Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)

    Win32k.sys Elevation of Privilege Vulnerability (CVE-2014-4113) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    TrueType Font Parsing Remote Code Execution Vulnerability (CVE-2014-4148) MS Rating: Critical

    A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

  4. MS14-059 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

    MVC XSS Vulnerability (CVE-2014-4075) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists in ASP.NET MVC that could allow an attacker to inject a client-side script into the user's web browser. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

  5. MS14-060 Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)

    Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114) MS Rating: Important

    A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  6. MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

    Microsoft Word File Format Vulnerability (CVE-2014-4117) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Office software parses certain properties of Microsoft Word files. If an attacker is successful in exploiting this vulnerability, and if the current user is logged on with administrative user rights, the attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. MS14-062 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)

    MQAC Arbitrary Write Privilege Escalation Vulnerability (CVE-2014-4971) MS Rating: Important

    A vulnerability exists in the Microsoft Message Queuing (MSMQ) service that could allow an attacker to elevate privileges on the targeted system.

  8. MS14-063 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

    Windows Disk Partition Driver Elevation of Privilege Vulnerability (CVE-2014-4115) MS Rating: Important

    An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
