VERT Alert - May 1, 2014

Today’s VERT Alert addresses 1 new Out of Band Microsoft Security Bulletin. VERT is actively working on coverage for this bulletin in order to meet our 24-hour SLA and expects to ship ASPL-560 on Friday, May 2nd.

MS14-021: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1776)

MS14-021

Microsoft is releasing a single Out of Band patch today for a vulnerability that was first identified at the beginning of this week. The vulnerability was identified as being used in limited, targeted attacks and the release of this Out of Band may indicate an increase in the number of attacks. Given the publicity of this vulnerability combined with the rapid release of an Out of Band, it may be advisable to break standard testing procedure and deploy the patch as quickly as possible. That is a decision that individuals and organizations will have to make for their own environments. It’s also important to note that Microsoft has released an update for Windows XP, even though it is no longer supported. This further speaks to the severity of this vulnerability.

Additional Information

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

Ease of use (rows):
Automated Exploit:
Easy:
Moderate: MS14-021
Difficult:
Extremely Difficult:
No Known Exploit:

Exposure (columns): Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged