HackDig : Dig high-quality web security articles for hacker

VERT Alert – October 14, 2014

2014-10-15 04:10

Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-585 on Wednesday, October 15.

MS14-056

Multiple Elevation of Privilege Vulnerabilities in Internet ExplorerMULTIPLE
Internet Explorer ASLR Bypass VulnerabilityCVE-2014-4140
Multiple Memory Corruption Vulnerabilities in Internet ExplorerMULTIPLE

MS14-057

.NET ClickOnce Elevation of Privilege VulnerabilityCVE-2014-4073
.NET Framework Remote Code Execution VulnerabilityCVE-2014-4121
.NET ASLR VulnerabilityCVE-2014-4122

MS14-058

Win32k.sys Elevation of Privilege VulnerabilityCVE-2014-4113
TrueType Font Parsing Remote Code Execution VulnerabilityCVE-2014-4148

MS14-059

MVC XSS VulnerabilityCVE-2014-4075

MS14-060

Windows OLE Remote Code Execution VulnerabilityCVE-2014-4114

MS14-061

Microsoft Word File Format VulnerabilityCVE-2014-4117

MS14-062

MSQC Arbitrary Write Privilege Escalation VulnerabilityCVE-2014-4971

MS14-063

Windows Disk Partition Driver Elevation of Privilege Vulnerability

CVE-2014-4115

MS14-056

The first bulletin this month belongs to Internet Explorer and, like most months, it contains the bulk of the CVEs fixed. There are a couple of interesting vulnerabilities that should be pointed out this month. The first is one of the privilege escalation CVEs, CVE-2014-4123, which has seen active exploitation in the wild. The second is CVE-2014-4140, which is an ASLR bypass… these vulnerabilities are always popular with attackers.

MS14-057

The second bulletin this month addresses three CVEs related to .NET. Rather than provide limited details, we suggest you read the blog post that Microsoft released related to this bulletin[1].

MS14-058

Up next, we have MS14-058, a typical win32k.sys update. This bulletin resolves two vulnerabilities, both of which are currently being exploited in the wild, so it should be ranked relatively high on your patch installation list.

MS14-059

The next bulletin for ASP.NET MVC contains a single vulnerability fix for a Cross-Site Scripting vulnerability. Due to the nature of ASP.NET MVC, it’s important to note that you may have to resolve both development environments and deployed applications. Please take care to ensure that all systems are appropriately updated.

MS14-060

Up next we have the bulletin that’s making the most news today, the vulnerability utilized in the Sandworm attacks discussed by iSIGHT Partners[2]. This attack requires that you open a document containing malicious OLE content. It is another example of how proper user training can greatly reduce your attack surface.

MS14-061

The next bulletin this month, MS14-061, discusses a single vulnerability affecting Microsoft Word file format parsing. For anyone looking to make the case to upgrade to the latest version of Office this is a great argument point, as Microsoft Office 2013 isn’t affected. It is important to know, however, that SharePoint 2010 Word Automation Services and Office Web Apps 2010 are both also affected.

MS14-062

This bulletin, MS14-062, is evidence that there are still issues related to only the oldest supported versions of software. If you’re running Server 2003 in your environment, we can only hope you have started working on an upgrade plan because the software is more than a little dated at this point. This specific issue affects the message queuing service (MSMQ) and, if it wasn’t clear, this issue affects only Windows Server 2003.

MS14-063

The final attack this month involves the FASTFAT driver, which supports FAT32 disk partitions. This vulnerability is likely to see limited real world attack scenarios, as it requires connecting a FAT32 formatted device with malicious data in the partition table to a vulnerable computer. The biggest risk here will be from insiders, where a user brings in a malicious thumb drive either purposely or on accident.

 

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

 

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
Moderate
MS14-056
MS14-060
MS14-058
Difficult
Extremely Difficult
No Known Exploit
MS14-061MS14-059MS14-057
MS14-062
MS14-063
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged


Source: /My_XRd_GnxO/3~/ytiruces-fo-etats-eriwpirt/r~/moc.elgoog.yxorpdeef

Read:1319 | Comments:0 | Tags:Featured Articles Vulnerability Management VERT

“VERT Alert – October 14, 2014”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud