Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-585 on Wednesday, October 15.

MS14-056

Multiple Elevation of Privilege Vulnerabilities in Internet Explorer MULTIPLE
Internet Explorer ASLR Bypass Vulnerability CVE-2014-4140
Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE

MS14-057

.NET ClickOnce Elevation of Privilege Vulnerability CVE-2014-4073
.NET Framework Remote Code Execution Vulnerability CVE-2014-4121
.NET ASLR Vulnerability CVE-2014-4122

MS14-058

Win32k.sys Elevation of Privilege Vulnerability CVE-2014-4113
TrueType Font Parsing Remote Code Execution Vulnerability CVE-2014-4148

MS14-059

MVC XSS Vulnerability CVE-2014-4075

MS14-060

Windows OLE Remote Code Execution Vulnerability CVE-2014-4114

MS14-061

Microsoft Word File Format Vulnerability CVE-2014-4117

MS14-062

MSQC Arbitrary Write Privilege Escalation Vulnerability CVE-2014-4971

MS14-063

Windows Disk Partition Driver Elevation of Privilege Vulnerability

CVE-2014-4115

MS14-056

The first bulletin this month belongs to Internet Explorer and, like most months, it contains the bulk of the CVEs fixed. There are a couple of interesting vulnerabilities that should be pointed out this month. The first is one of the privilege escalation CVEs, CVE-2014-4123, which has seen active exploitation in the wild. The second is CVE-2014-4140, which is an ASLR bypass… these vulnerabilities are always popular with attackers.

MS14-057

The second bulletin this month addresses three CVEs related to .NET. Rather than provide limited details, we suggest you read the blog post that Microsoft released related to this bulletin[1].

MS14-058

Up next, we have MS14-058, a typical win32k.sys update. This bulletin resolves two vulnerabilities, both of which are currently being exploited in the wild, so it should be ranked relatively high on your patch installation list.

MS14-059

The next bulletin for ASP.NET MVC contains a single vulnerability fix for a Cross-Site Scripting vulnerability. Due to the nature of ASP.NET MVC, it’s important to note that you may have to resolve both development environments and deployed applications. Please take care to ensure that all systems are appropriately updated.

MS14-060

Up next we have the bulletin that’s making the most news today, the vulnerability utilized in the Sandworm attacks discussed by iSIGHT Partners[2]. This attack requires that you open a document containing malicious OLE content. It is another example of how proper user training can greatly reduce your attack surface.

MS14-061

The next bulletin this month, MS14-061, discusses a single vulnerability affecting Microsoft Word file format parsing. For anyone looking to make the case to upgrade to the latest version of Office this is a great argument point, as Microsoft Office 2013 isn’t affected. It is important to know, however, that SharePoint 2010 Word Automation Services and Office Web Apps 2010 are both also affected.

MS14-062

This bulletin, MS14-062, is evidence that there are still issues related to only the oldest supported versions of software. If you’re running Server 2003 in your environment, we can only hope you have started working on an upgrade plan because the software is more than a little dated at this point. This specific issue affects the message queuing service (MSMQ) and, if it wasn’t clear, this issue affects only Windows Server 2003.

MS14-063

The final attack this month involves the FASTFAT driver, which supports FAT32 disk partitions. This vulnerability is likely to see limited real world attack scenarios, as it requires connecting a FAT32 formatted device with malicious data in the partition table to a vulnerable computer. The biggest risk here will be from insiders, where a user brings in a malicious thumb drive either purposely or on accident.

 

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

 

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
Moderate
MS14-056
MS14-060
MS14-058
Difficult
Extremely Difficult
No Known Exploit
MS14-061 MS14-059 MS14-057
MS14-062
MS14-063
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged