Zero-Day 2014- Úvod  Graf  Katalog Zranitelností  OWASP  Webové útoky (103)  Vulnerebility  Web Vul.  Top 50 in years  CVE Defination  ATT&CK Matrix for Enterprise


2020  2019  2018  2017  2016  2015  2014  2013  2012  2011  2010  2009


Microsoft Patch Tuesday – December 2014
ms-tuesday-patch-key-concept-colored-light.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-dec

The following is a breakdown of the issues being addressed this month:

MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Security Feature Bypass (3009712)

Outlook Web Access Token Spoofing Vulnerability (CVE-2014-6319) MS Rating: Moderate

A token spoofing vulnerability exists in Exchange Server when Microsoft Outlook Web Access (OWA) fails to properly validate a request token.

OWA XSS Vulnerability (CVE-2014-6325) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly validate input. An attacker who successfully exploited this vulnerability could run script in the context of the current user.

OWA XSS Vulnerability (CVE-2014-6326) MS Rating: Important

An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly validate input. An attacker who successfully exploited this vulnerability could run script in the context of the current user.

Exchange URL Redirection Vulnerability (CVE-2014-6336) MS Rating: Important

A spoofing vulnerability exists in Microsoft Exchange when Microsoft Outlook Web Access (OWA) fails to properly validate redirection tokens.

MS14-080 Cumulative Security Update for Internet Explorer (3008923)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6327) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6329) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6330) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6366) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6369) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6373) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6374) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6375) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6376) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-8966) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

XSS Filter Bypass Vulnerability in Internet Explorer (CVE-2014-6328) MS Rating: Important

An XSS filter bypass vulnerability exists in the way Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. This vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

XSS Filter Bypass Vulnerability in Internet Explorer (CVE-2014-6365) MS Rating: Important

An XSS filter bypass vulnerability exists in the way Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. This vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6368) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

VBScript Memory Corruption Vulnerability (CVE-2014-6363) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-081 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow (3017301)

Index Remote Code Execution Vulnerability (CVE-2014-6356) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

Use After Free Word Remote Code Execution Vulnerability (CVE-2014-6357) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

MS14-082 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3017349)

Microsoft Office Component Use After Free Vulnerability (CVE-2014-6364) MS Rating: Important

A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files.

MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

Global Free Remote Code Execution in Excel Vulnerability (CVE-2014-6360) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

Excel Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6361) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

MS14-084 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

VBScript Memory Corruption Vulnerability (CVE-2014-6363) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-085 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

Information Disclosure Vulnerability (CVE-2014-6355) MS Rating: Important

An information disclosure vulnerability exists in the Microsoft Graphics Component that could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The vulnerability is caused when the Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.


Microsoft Patch Tuesday – November 2014
ms-tuesday-patch-key-concept-white-light 2_0.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing fourteen bulletins covering a total of 33 vulnerabilities. Fourteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

The following is a breakdown of the issues being addressed this month:

MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)

Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352) MS Rating: Important

A remote code execution vulnerability exists in the context of the current user that is caused when a user downloads, or receives, and then opens a specially crafted Microsoft Office file that contains OLE objects.

MS14-065 Cumulative Security Update for Internet Explorer (3003057)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4143) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6343) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6344) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6349) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6350) MS Rating: Important

An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6340) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6345) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6346) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323) MS Rating: Important

An information disclosure vulnerability exists when Internet Explorer does not properly restrict access to the clipboard of a user who visits a website. The vulnerability could allow data stored on the Windows clipboard to be accessed by a malicious site. An attacker could collect information from the clipboard of a user if that user visits the malicious site.

Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339) MS Rating: Important

A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, which could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.

MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) MS Rating: Critical

A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets.

MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

MSXML Remote Code Execution Vulnerability (CVE-2014-4118) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft XML Core Services (MSXML) improperly parses XML content, which can corrupt the system state in such a way as to allow an attacker to run arbitrary code. The vulnerability could allow a remote code execution if a user opens a specially crafted file or webpage.

MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)

Microsoft Office Double Delete Remote Code Execution Vulnerability (CVE-2014-6333) MS Rating: Important

A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files.

Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334) MS Rating: Important

A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335) MS Rating: Important

A remote code execution vulnerability exists in the context of the local user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)

TCP/IP Elevation of Privilege Vulnerability (CVE-2014-4076) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows TCP/IP stack (tcpip.sys, tcpip6.sys) that is caused when the Windows TCP/IP stack fails to properly handle objects in memory during IOCTL processing.

MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)

Windows Audio Service Vulnerability (CVE-2014-6322) MS Rating: Important

An elevation of privilege vulnerability exists in the Windows audio service component that could be exploited through Internet Explorer. The vulnerability is caused when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

TypeFilterLevel Vulnerability (CVE-2014-4149) MS Rating: Important

An elevation of privilege vulnerability exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects.

MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)

SharePoint Elevation of Privilege Vulnerability (CVE-2014-4116) MS Rating: Important

An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

MS14-074 Vulnerability in Remote Desktop Protocol could allow Security Feature Bypass (3003743)

Remote Desktop Protocol (RDP) Failure to Audit Vulnerability (CVE-2014-6318) MS Rating: Important

A security feature bypass vulnerability exists in Remote Desktop Protocol (RDP) when RDP does not properly log failed logon attempts. The vulnerability could allow an attacker to bypass the audit logon security feature. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this bypass vulnerability in conjunction with another vulnerability.

MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)

IIS Security Feature Bypass Vulnerability (CVE-2014-4078) MS Rating: Important

A security feature bypass vulnerability exists in Internet Information Services (IIS) that is caused when incoming web requests are not properly compared against the 'IP and domain restriction' filtering list.

MS14-077 Vulnerability in Active Directory Federation Services could allow Information Disclosure (3003381)

Active Directory Federation Services Information Disclosure Vulnerability (CVE-2014-6331) MS Rating: Important

An information disclosure vulnerability exists when Active Directory Federation Services (AD FS) fails to properly log off a user. The vulnerability could allow an unintentional information disclosure.

MS14-078 Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)

Microsoft IME (Japanese) Elevation of Privilege Vulnerability (CVE-2014-4077) MS Rating: Moderate

An elevation of privilege vulnerability exists in Microsoft IME for Japanese that is caused when a vulnerable sandboxed application uses Microsoft IME (Japanese).

MS14-079 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)

Denial of Service in Windows Kernel Mode Driver Vulnerability (CVE-2014-6317) MS Rating: Moderate

A denial of service vulnerability exists in the Windows kernel-mode driver that is caused by the improper handling of TrueType font objects in memory.


Microsoft Patch Tuesday – October 2014
ms-tuesday-patch-key-concept-white-light 2.png

Hello, welcome to this month's blog on the Microsoft patch release. This month, the vendor is releasing eight bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-oct

The following is a breakdown of the issues being addressed this month:

MS14-056 Cumulative Security Update for Internet Explorer (2987107)

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-4123) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability does not allow arbitrary code to be run. However, it could be exploited in conjunction with another vulnerability that could take advantage of the elevated privileges when running arbitrary code.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-4124) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability does not allow arbitrary code to be run. However, it could be exploited in conjunction with another vulnerability that could take advantage of the elevated privileges when running arbitrary code.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4126) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4127) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4128) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4129) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4130) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4132) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4133) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4134) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4137) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4138) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer ASLR Bypass Vulnerability (CVE-2014-4140) MS Rating: Important

A security feature bypass vulnerability exists in Internet Explorer that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4141) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

.NET ClickOnce Elevation of Privilege Vulnerability (CVE-2014-4073) MS Rating: Important

An elevation of privilege vulnerability exists in Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system.

.NET Framework Remote Code Execution Vulnerability (CVE-2014-4121) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft .NET Framework improperly parses internationalized resource identifiers. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

.NET ASLR Vulnerability (CVE-2014-4122) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not an allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

MS14-058 Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)

Win32k.sys Elevation of Privilege Vulnerability (CVE-2014-4113) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

TrueType Font Parsing Remote Code Execution Vulnerability (CVE-2014-4148) MS Rating: Critical

A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS14-059 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

MVC XSS Vulnerability (CVE-2014-4075) MS Rating: Important

A cross-site scripting (XSS) vulnerability exists in ASP.NET MVC that could allow an attacker to inject a client-side script into the user's web browser. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

MS14-060 Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)

Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114) MS Rating: Important

A vulnerability exists in Windows OLE that could allow a remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

Microsoft Word File Format Vulnerability (CVE-2014-4117) MS Rating: Important

A remote code execution vulnerability exists in way that Microsoft Office software parses certain properties of Microsoft Word files. If an attacker is successful in exploiting this vulnerability, and if the current user is logged on with administrative user rights, the attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-062 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)

MQAC Arbitrary Write Privilege Escalation Vulnerability (CVE-2014-4971) MS Rating: Important

A vulnerability exists in the Microsoft Message Queuing (MSMQ) service that could allow an attacker to elevate privileges on the targeted system.

MS14-063 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

Windows Disk Partition Driver Elevation of Privilege Vulnerability (CVE-2014-4115) MS Rating: Important

An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.


Microsoft Patch Tuesday – September 2014
ms-tuesday-patch-key-concept-white-light.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 42 vulnerabilities. Thirty-six of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-sep

The following is a breakdown of the issues being addressed this month:

MS14-052 Cumulative Security Update for Internet Explorer (2977629)

Internet Explorer Resource Information Disclosure Vulnerability (CVE-2013-7331) MS Rating: Important

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications in use on a target and use the information to avoid detection.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2799) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4059) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4065) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4079) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4080) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4081) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4082) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4083) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4084) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4085) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4086) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4087) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4088) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4089) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4090) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4091) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4092) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4093) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4094) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4095) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4096) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4097) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4098) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4099) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4100) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4101) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4102) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4103) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4104) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4105) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4106) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4107) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4108) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4109) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4110) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4111) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-053 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2990931)

.NET Framework Denial of Service Vulnerability (CVE-2014-4072) MS Rating: Important

A denial of service vulnerability exists in the way that the Microsoft .NET Framework handles specially crafted requests, causing a hash collision. An attacker who successfully exploited this vulnerability could send a small number of specially crafted requests to a .NET server, causing performance to degrade significantly enough to cause a denial of service condition.

MS14-054 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)

Task Scheduler Vulnerability (CVE-2014-4074) MS Rating: Important

An elevation of privilege vulnerability exists in how Windows Task Scheduler improperly conducts integrity checks on tasks. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user right.

MS14-055 Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)

Lync Denial of Service Vulnerability (CVE-2014-4068) MS Rating: Important

A denial of service vulnerability exists in Lync Server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

Lync XSS Information Disclosure Vulnerability (CVE-2014-4070) MS Rating: Important

A reflected cross-site scripting (XSS) vulnerability which could result in an information disclosure exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

Lync Denial of Service Vulnerability (CVE-2014-4071) MS Rating: Important

A denial of service vulnerability exists in Lync Server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.


Microsoft Patch Tuesday – August 2014
Welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 37 vulnerabilities. Twenty-eight of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-aug

The following issues are addressed this month:

MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

CSyncBasePlayer Use After Free Vulnerability (CVE-2014-4060) MS Rating: Critical

A remote code execution vulnerability exists in Windows Media Center, which could be exploited by convincing a user to open a specially crafted Microsoft Office file.

MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

Microsoft SQL Server Stack Overrun Vulnerability (CVE-2014-4061) MS Rating: Important

A denial of service vulnerability exists in SQL Server. An attacker who successfully exploited this vulnerability could cause the server to stop responding until a manual reboot is initiated.

SQL Master Data Services XSS Vulnerability (CVE-2014-1820) MS Rating: Important

An XSS vulnerability exists in SQL Master Data Services (MDS) that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

Win32k Elevation of Privilege Vulnerability (CVE-2014-0318) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles window handle thread-owned objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Font Double-Fetch Vulnerability (CVE-2014-1819) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the affected component handles objects from specially crafted font files. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

Windows Kernel Pool Allocation Vulnerability (CVE-2014-4064) MS Rating: Important

An information disclosure vulnerability exists in the way Windows kernel memory is managed. An attacker who successfully exploited this vulnerability could use it to disclose memory addresses or other sensitive kernel information.

MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

.NET ASLR Vulnerability (CVE-2014-4062) MS Rating: Important

A security feature bypass vulnerability exists in the Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution, however an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

LRPC ASLR Bypass Vulnerability (CVE-2014-0316) MS Rating: Important

A security feature bypass vulnerability exists in Microsoft Remote Procedure Call (LRPC). An LRPC server may leak the message it receives from the client if the message is a specific type and has a data view attached (not expected for messages of this type). RPC considers this an error and returns, but does not free the message. This allows the client to fill up the address space of the server with such messages.

MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

OneNote Remote Code Execution Vulnerability (CVE-2014-2815) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft OneNote parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

Windows Installer Repair Vulnerability (CVE-2014-1814) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Installer service improperly handles the repair of a previously installed application. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

SharePoint Page Content Vulnerability (CVE-2014-2816) MS Rating: Important

An elevation of privilege vulnerability exists in SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted application to run arbitrary code in the security context of the logged-on user.

MS14-051 Cumulative Security Update for Internet Explorer (2976627)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2774) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2784) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2796) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2808) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2810) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2811) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-2817) MS Rating: Important

An elevation of privilege vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2818) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-2819) MS Rating: Important

An elevation of privilege vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2820) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2821) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2822) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2823) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2824) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2825) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2826) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2827) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4050) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4051) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4052) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4055) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4056) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4057) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4058) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4063) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-4067) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


Microsoft Patch Tuesday – July 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing six bulletins covering a total of 29 vulnerabilities. Twenty-four of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-jul

The following is a breakdown of the issues being addressed this month:

MS14-037 Cumulative Security Update for Internet Explorer (2975687)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1763) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1765) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2785) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2786) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2787) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2788) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2789) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2790) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2791) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2792) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2794) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2795) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2797) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2798) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2800) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2801) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2802) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2803) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2804) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2806) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2807) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2809) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2813) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Extended Validation (EV) Certificate Security Feature Bypass Vulnerability (CVE-2014-2783) MS Rating: Moderate

A security feature bypass vulnerability exists in Internet Explorer because Extended Validation (EV) SSL Certificate Guidelines, which disallow the use of wildcard certificates, are not properly enforced. An attacker could bypass EV SSL Certificate Guidelines by using a wildcard certificate. EV SSL certificates issued by Certificate Authorities (CA) in compliance with Extended Validation (EV) SSL Certificate Guidelines cannot be used to exploit this vulnerability.

MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

Remote Code Execution Vulnerability in Windows Journal (CVE-2014-1824) MS Rating: Critical

A remote code execution vulnerability exists in the way that Windows Journal parses specially crafted files. The vulnerability could lead to a remote code execution if a user opens a specially crafted Journal file. If a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)

Elevation of Privilege Vulnerability in On-Screen Keyboard (CVE-2014-2781) MS Rating: Important

A vulnerability exists in the On-Screen Keyboard that could allow a local elevation of privilege.

MS14-040 Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)

Ancillary Function Driver Elevation of Privilege Vulnerability (CVE-2014-1767) MS Rating: Important

A vulnerability exists in the Ancillary Function Driver (AFD) that could allow an elevation of privilege. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)

Elevation of Privilege Vulnerability in DirectShow (CVE-2014-2780) MS Rating: Important

A vulnerability exists in DirectShow that could allow an elevation of privilege.

MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)

Service Bus Denial of Service Vulnerability (CVE-2014-2814) MS Rating: Moderate

A denial of service vulnerability exists in Microsoft Service Bus for Windows Server. An authenticated attacker who successfully exploited the vulnerability could cause the Service Bus to stop responding to incoming AMQP messages.


Microsoft Patch Tuesday – June 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 66 vulnerabilities. Fifty-five of this month's issues are rated �Critical�.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-jun

The following is a breakdown of the issues being addressed this month:

MS14-030 Vulnerability in Remote Desktop Could Allow Tampering (2969259)

RDP MAC Vulnerability (CVE-2014-0296) MS Rating: Important

A tampering vulnerability exists in the Remote Desktop Protocol. The vulnerability may allow an attacker to modify the traffic content of an active RDP session.

MS14-031 Vulnerability in TCP Protocol Could Allow Denial of Service (2962478)

TCP Denial of Service Vulnerability (CVE-2014-1811) MS Rating: Important

A denial of service vulnerability exists in the Windows TCP/IP networking protocol. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

MS14-032 Vulnerability in Microsoft Lync Could Allow Information Disclosure (2969258)

Lync Server Content Sanitization Vulnerability (CVE-2014-1823) MS Rating: Important

An information disclosure vulnerability exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

MS14-033 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061)

MSXML Entity URI Vulnerability (CVE-2014-1816) MS Rating: Important

An information disclosure vulnerability exists in the way that Microsoft Windows parses XML content. The vulnerability may allow an attacker to access information not otherwise allowed.

MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)

Embedded Font Vulnerability (CVE-2014-2778) MS Rating: Important

A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-035 Cumulative Security Update for Internet Explorer (2969262)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0282) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1762) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1766) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1769) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1770) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1772) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1773) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1774) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1775) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1779) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1780) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1781) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1782) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1783) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1784) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1785) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1786) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1788) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1789) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1790) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1791) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1792) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1794) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1795) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1796) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1797) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1799) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1800) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1802) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1803) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1804) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1805) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2753) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2754) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2755) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2756) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2757) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2758) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2759) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2760) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2761) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2763) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2764) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2765) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2766) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2767) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2768) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2769) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2770) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2771) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2772) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2773) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2775) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-2776) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

TLS Server Certificate Renegotiation Vulnerability (CVE-2014-1771) MS Rating: Important

An information disclosure vulnerability exists in the way that Internet Explorer handles the negotiation of certificates in a TLS session. An attacker who successfully exploited this vulnerability could hijack a mutually authenticated TLS connection between Internet Explorer and an arbitrary target server.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-1764) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-1778) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code.

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-2777) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with another vulnerability (e.g., a remote code execution vulnerability) that could take advantage of the elevated privileges when running arbitrary code.

Internet Explorer Information Disclosure Vulnerability (CVE-2014-1777) MS Rating: Important

An information disclosure vulnerability exists within Internet Explorer during validation of local file installation.

MS14-036 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code (2967487)

Unicode Scripts Processor Vulnerability (CVE-2014-1817) MS Rating: Critical

A remote code execution vulnerability exists in the way that affected components handle specially crafted font files. The vulnerability could allow a remote code execution if a user opens a specially crafted file or webpage. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

GDI+ Image Parsing Vulnerability (CVE-2014-1818) MS Rating: Important

A remote code execution vulnerability exists in the way that GDI+ handles validation of specially crafted images. The vulnerability could allow a remote code execution if a user opens a specially crafted image. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Microsoft Patch Tuesday – May 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 13 vulnerabilities. Three of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-may

The following is a breakdown of the issues being addressed this month:

MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

SharePoint Page Content Vulnerabilities (CVE-2014-0251) MS Rating: Important

Multiple remote code execution vulnerabilities exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited any of these related vulnerabilities could run arbitrary code in the security context of the W3WP service account.

SharePoint XSS Vulnerability (CVE-2014-1754) MS Rating: Critical

An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

Web Applications Page Content Vulnerability (CVE-2014-1813) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Web Applications. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the W3WP service account.

MS14-023 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)

Microsoft Office Chinese Grammar Checking Vulnerability (CVE-2014-1756) MS Rating: Important

A remote code execution vulnerability exists in the way that the affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Token Reuse Vulnerability (CVE-2014-1808) MS Rating: Important

An information disclosure vulnerability exists when the affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted Microsoft online service.

MS14-024 Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

MSCOMCTL ASLR Vulnerability (CVE-2014-1809) MS Rating: Important

A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

MS14-025 Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

Group Policy Preferences Password Elevation of Privilege Vulnerability (CVE-2014-1812) MS Rating: Important

An elevation of privilege vulnerability exists in the way that Active Directory distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploited the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

MS14-026 Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

TypeFilterLevel Vulnerability (CVE-2014-1806) MS Rating: Important

An elevation of privilege vulnerability exists in the way that the .NET Framework handles TypeFilterLevel checks for some malformed objects.

MS14-027 Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

Windows Shell File Association Vulnerability (CVE-2014-1807) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows Shell improperly handles file associations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS14-028 Vulnerability in iSCSI Could Allow Denial of Service (2962485)

iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0255) MS Rating: Important

A denial of service vulnerability exists in the way that affected operating systems handle iSCSI packets. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0256) MS Rating: Important

A denial of service vulnerability exists in the way that affected operating systems handle iSCSI connections. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

MS14-029 Security Security Update for Internet Explorer (2962482)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0310) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1815) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


Microsoft Patch Tuesday – April 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 11 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

The following is a breakdown of the issues being addressed this month:

MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

Microsoft Office File Format Converter Vulnerability (CVE-2014-1757) MS Rating: Important

A remote code execution vulnerability exists in the way that affected Microsoft Office software converts specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Word Stack Overflow Vulnerability (CVE-2014-1758) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Word parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Word RTF Memory Corruption Vulnerability (CVE-2014-1761) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Word parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS14-018 Cumulative Security Update for Internet Explorer (2950467)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0235) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1751) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1752) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1753) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1755) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-1760) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-019 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

Windows File Handling Vulnerability (CVE-2014-0315) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Windows processes .bat and .cmd files that are run from an external network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-020 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

Arbitrary Pointer Dereference Vulnerability (CVE-2014-1759) MS Rating: Important

A remote code execution vulnerability exists in the way that Microsoft Publisher parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Microsoft Patch Tuesday – March 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

The following is a breakdown of the issues being addressed this month:

MS14-012 Cumulative Security Update for Internet Explorer (2925418)

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0297) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0298) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0299) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0302) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0303) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0304) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0305) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0306) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0307) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0308) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0309) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0311) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0312) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0313) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0314) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0321) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0322) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0324) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)

DirectShow Memory Corruption Vulnerability (CVE-2014-0301) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft DirectShow parses specially crafted JPEG image files. The vulnerability could allow a remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)

Silverlight DEP/ASLR Bypass Vulnerability (CVE-2014-0319) MS Rating: Important

A security feature vulnerability exists in Silverlight due to the improper implementation of Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the DEP/ASLR security feature, most likely during, or in the course of exploiting a remote code execution vulnerability.

MS14-015 Vulnerabilities in Windows Kernel Mode Driver Could Allow Elevation of Privilege (2930275)

Win32k Elevation of Privilege Vulnerability (CVE-2014-0300) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

Win32k Information Disclosure Vulnerability (CVE-2014-0323) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory.

MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)

SAMR Security Feature Bypass Vulnerability (CVE-2014-0317) MS Rating: Important

A security feature bypass vulnerability exists when the Security Account Manager Remote (SAMR) protocol incorrectly validates the user lockout state.


Microsoft Patch Tuesday – February 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of thirty-one vulnerabilities. Twenty-five of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

The following is a breakdown of the issues being addressed this month:

MS14-010 Cumulative Security Update for Internet Explorer (2909921)

Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-0268) MS Rating: Important

An elevation of privilege vulnerability exists within Internet Explorer during the validation of a local file installation and during the secure creation of registry keys.

VBScript Memory Corruption Vulnerability (CVE-2014-0271) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Internet Explorer Cross Domain Information Disclosure Vulnerability (CVE-2014-0293) MS Rating: Important

An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow an information disclosure if a user viewed the webpage. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0267) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0269) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0270) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0272) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0273) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0274) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0275) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0276) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0277) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0278) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0279) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0280) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0281) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0283) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0284) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0285) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0286) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0287) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0288) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0289) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2014-0290) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

VBScript Memory Corruption Vulnerability (CVE-2014-0271) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2014-0263) MS Rating: Critical

A remote code execution vulnerability exists in the way that affected Windows components handle specially crafted 2D geometric figures. The vulnerability could allow a remote code execution if a user views files containing such specially crafted figures using Internet Explorer. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

RCE Vulnerability (CVE-2014-0294) MS Rating: Critical

A remote code execution vulnerability exists in Forefront Protection for Exchange. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the configured service account.

MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)

POST Request DoS Vulnerability (CVE-2014-0253) MS Rating: Important

A denial of service vulnerability exists in Microsoft ASP.NET that could allow an attacker to cause an ASP.NET server to become unresponsive.

Type Traversal Vulnerability (CVE-2014-0257) MS Rating: Important

An elevation of privilege vulnerability exists in the Microsoft.NET Framework that could allow an attacker to elevate privileges on the targeted system.

VSAVB7RT ASLR Vulnerability (CVE-2014-0295) MS Rating: Important

A security feature bypass exists in a .NET Framework component that does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability.

MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)

MSXML Information Disclosure Vulnerability (CVE-2014-0266) MS Rating: Important

An information-disclosure vulnerability exists that could allow an attacker to read files on the local file system of a user or read content of web domains where a user is currently authenticated to when the user views specially crafted web content that is designed to invoke MSXML through Internet Explorer.

MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)

TCP/IP Version 6 (IPv6) Denial of Service Vulnerability (CVE-2014-0254) MS Rating: Important

A denial of service vulnerability exists in Windows in the IPv6 implementation of TCP/IP. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.


Microsoft Patch Tuesday – January 2014
Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of six vulnerabilities. All six of this month's issues are rated ’Important’.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan

The following is a breakdown of the issues being addressed this month:

MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0258) MS Rating: Important

A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0259) MS Rating: Important

A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0260) MS Rating: Important

A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

MS14-002 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Kernel NDProxy Vulnerability (CVE-2013-5065) MS Rating: Important

An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to the improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full administrator rights.

MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)

Win32k Window Handle Vulnerability (CVE-2014-0262) MS Rating: Important

An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly uses window handle thread-owned objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

MS14-004 Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

Query Filter DoS Vulnerability (CVE-2014-0261) MS Rating: Important

A denial of service vulnerability exists in Microsoft Dynamics AX that could allow an attacker to cause a Dynamics AX server to become unresponsive.