
Today’s Vulnerability and Exposure Research Team (VERT) Alert addresses one new Out of Band Microsoft Security Bulletin. VERT is actively working on coverage for this bulletin in order to meet our 24-hour SLA and expects to ship ASPL-560 on Friday, May 2nd.

MS14-021: Internet Explorer Memory Corruption Vulnerability (CVE-2014-1776)

MS14-021

Microsoft is releasing a single out-of-band patch today for a vulnerability that was first identified at the beginning of this week. The vulnerability was identified as being used in limited, targeted attacks, and the release of this out-of-band patch may indicate an increase in the number of attacks.

Given the publicity of this vulnerability combined with the rapid release of an out-of-band patch, it may be advisable to break standard testing procedure and deploy the patch as quickly as possible. That is a decision that individuals and organizations will have to make for their own environments.

It’s also important to note that Microsoft has released an update for Windows XP, even though it is no longer supported. This further speaks to the severity of this vulnerability.

Additional Information

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table:

Ease of use (rows): Automated Exploit; Easy; Moderate (MS14-021); Difficult; Extremely Difficult; No Known Exploit
Exposure (columns): Local Availability; Local Access; Remote Availability; Remote Access; Local Privileged; Remote Privileged

 
