As we already wrote a few days ago, in this patch tuesday Microsoft has added the next option of safety for Internet Explorer under the name Out-of-date ActiveX control blocking which will block reproduction of contents of the web page through outdated controls of ActiveX (IE plug-ins). So far it is only about Oracle Java plug-in of which outdated versions the most part of exploits for installation of malicious programs in system are the share. Later for this option of safety support of blocking of Adobe Flash Player and MS Silverlight can be added. This month Microsoft also announced completion of support of unsafe Internet Explorer versions and outdated. net Framework versions at the beginning of 2016.
The MS14-043 updating corrects one RCE vulnerability of CVE-2014-4060 in the Windows Media Center component for Windows Vista-Seven-8-8.1. Vulnerability is present at MCPlayer.dll library which incorrectly works with memory after release of object of CSyncBasePlayer (use-after-free). Attacking can execute code through in a special way the created document Office which includes contents for call of the Windows Media Center component. The harmful document can be published on the special website where the user will be redirected, or attachment with such document can be sent to the user to e-mail. Critical. Exploitation Less Likely.
The MS14-044 updating corrects two vulnerabilities like Elevation of Privelege and Denial of Service in product of the SQL Server of versions 2008-2014. It is about the SQL Server Master Data Services and SQL Server relational database management system components. Attacking can lift the privileges in system using one of vulnerabilities using special client-side the script published on the website when using by the user of Internet Explorer for visit of the site (through XSS, SQL Master Data Services XSS Vulnerability? CVE-2014-1820). In other case (SQL Server Stack Overrun Vulnerability? CVE-2014-4061) the attacking can send in a special way the created request in the Transact-SQL language for the SQL server that will lead to its hangup. Important.
The MS14-045 updating corrects three vulnerabilities like Elevation of Privelege in system components of all supported Windows versions. It is about vulnerabilities in such system components as the driver of kernel mode of subsystem of Windows (win32k.sys), the DirectX (Dxgkrnl.sys) and GDI driver (Gdi32.dll). Vulnerability of CVE-2014-0318 is present at win32k.sys and can be used attacking for execution of the code in kernel mode bypassing restrictions of Windows (user-mode restrictions escape). The second vulnerability of CVE-2014-1819 is also present at Win32k (Font Double-Fetch Vulnerability) and is connected with the wrong processing by the driver of descriptors on the objects retrieved from files of fonts. The third vulnerability of CVE-2014-4064 has the Information Disclosure type and can be used attacking for obtaining information on addresses of objects in system memory (Windows Kernel Pool Allocation Vulnerability). Important.
The MS14-046 updating corrects vulnerability of type? Security Feature Bypass? (.NET ASLR Vulnerability? CVE-2014-4062) in. net Framework versions from 2.0 SP2 to 3.5.1. Vulnerability can be used by ASLR attacking for bypass together with other RCE vulnerability, i.e. can facilitate considerably attacking possibility of remote installation of code in system through the .NET library compiled without support of ASLR. Important. Exploitation Less Likely.
The MS14-047 updating corrects one vulnerability of CVE-2014-0316 of type? Security Feature Bypass? in the Microsoft Local RPC component (Rpcrt4.dll) on Windows 7+. Vulnerability consists in the wrong mechanism of release of memory of the message on the party of Local of the RPC server (through the Rpcrt4.dll function) which the server marks as incorrect. The error in implementation allows attacking to fill virtual address space of target process (server) with the same messages that, in turn, can lead to ASLR bypass through remote memory-spray. Important. Exploitation Unlikely.
The MS14-048 updating closes one RCE vulnerability in product of OneNote 2007 SP3. Attacking can execute far off code through in a special way the created OneNote file. Important. Exploitation Less Likely.
The MS14-049 updating closes one vulnerability like Elevation of Privilege in the Windows Installer component of all supported releases of Windows. Attacking can use this vulnerability (Windows Installer Repair Vulnerability? CVE-2014-1814) for raising of the privileges in system through in a special way the compiled application which tries to correct installation of other application with use of Windows Installer API. Updating is addressed to such system files as Msi.dll, Msimsg.dll and Appinfo.dll. Exploitation Less Likely.
1? Exploitation More Likely
The probability of exploitation of vulnerability is very high, malefactors can use exploit, for example, for remote execution of code.
2? Exploitation Less Likely
Probability of exploitation average as malefactors will hardly be able to achieve situation of steady exploitation, and also owing to technical feature of vulnerability and complexity of development of exploit.
3? Exploit code unlikely
Probability of exploitation minimum and malefactors will hardly be able to develop successfully working code and to use this vulnerability for carrying out attack.
We recommend to our users to set updatings as soon as possible and if you still have not made it, to include automatic delivery of updatings with use of Windows Update (by default such opportunity is included).
The Adobe company has let out updatings of safety for the products of Flash Player (APSB14-18) and Reader, Acrobat (APSB14-19). The APSB14-19 updating corrects the vulnerability operated by in-the-wild which is used attacking for bypass of the sandbox mechanism used in the actual Adobe Reader XI version. This Reader version is by default started in the so-called protected sandboxing-mode and isolates process in the context of which PDF, from system operations through Deny SID in access token and special object task is viewed (as in case with sandboxing at Google Chrome). Vulnerability allows to bypass these restrictions and to execute any code with high privileges (sandbox protection bypass).
We recommend to update Flash Player used by you as soon as possible. Such browsers as Internet Explorer 10 &11 on Windows 8/8.1 and Google Chrome update the Flash Player versions automatically. For IE see the updated Security Advisory 2755801. Check your Flash Player version for relevance here, in the table these versions for different browsers are provided below.
This article is a translation of the original post at habrahabr.ru/post/233185/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: email@example.com.
We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.