Developers Club geek daily blog

3 years, 3 months ago
The Microsoft company has let out set of updatings for the products which close 37 unique vulnerabilities in such products as Windows, Internet Explorer. net Framework, the SQL Server, OneNote and SharePoint. Two updatings have the status of Critical and seven more status of Important. Microsoft has also updated Security Advisory 2755801 in connection with release of the new version of the Flash Player player as a part of Internet Explorer. As usual, one of updatings? MS14-051 corrects significant amount of critical Remote Code Execution of vulnerabilities (26) in all supported IE 6-11 versions for W2k3 +. Vulnerabilities can be used attacking for carrying out attacks like drive-by download and reserved installation of malicious code in system. For application of updating reset is necessary.

Microsoft and Adobe have let out set of updatings, August, 2014

As we already wrote a few days ago, in this patch tuesday Microsoft has added the next option of safety for Internet Explorer under the name Out-of-date ActiveX control blocking which will block reproduction of contents of the web page through outdated controls of ActiveX (IE plug-ins). So far it is only about Oracle Java plug-in of which outdated versions the most part of exploits for installation of malicious programs in system are the share. Later for this option of safety support of blocking of Adobe Flash Player and MS Silverlight can be added. This month Microsoft also announced completion of support of unsafe Internet Explorer versions and outdated. net Framework versions at the beginning of 2016.

The MS14-043 updating corrects one RCE vulnerability of CVE-2014-4060 in the Windows Media Center component for Windows Vista-Seven-8-8.1. Vulnerability is present at MCPlayer.dll library which incorrectly works with memory after release of object of CSyncBasePlayer (use-after-free). Attacking can execute code through in a special way the created document Office which includes contents for call of the Windows Media Center component. The harmful document can be published on the special website where the user will be redirected, or attachment with such document can be sent to the user to e-mail. Critical. Exploitation Less Likely.

The MS14-044 updating corrects two vulnerabilities like Elevation of Privelege and Denial of Service in product of the SQL Server of versions 2008-2014. It is about the SQL Server Master Data Services and SQL Server relational database management system components. Attacking can lift the privileges in system using one of vulnerabilities using special client-side the script published on the website when using by the user of Internet Explorer for visit of the site (through XSS, SQL Master Data Services XSS Vulnerability? CVE-2014-1820). In other case (SQL Server Stack Overrun Vulnerability? CVE-2014-4061) the attacking can send in a special way the created request in the Transact-SQL language for the SQL server that will lead to its hangup. Important.

The MS14-045 updating corrects three vulnerabilities like Elevation of Privelege in system components of all supported Windows versions. It is about vulnerabilities in such system components as the driver of kernel mode of subsystem of Windows (win32k.sys), the DirectX (Dxgkrnl.sys) and GDI driver (Gdi32.dll). Vulnerability of CVE-2014-0318 is present at win32k.sys and can be used attacking for execution of the code in kernel mode bypassing restrictions of Windows (user-mode restrictions escape). The second vulnerability of CVE-2014-1819 is also present at Win32k (Font Double-Fetch Vulnerability) and is connected with the wrong processing by the driver of descriptors on the objects retrieved from files of fonts. The third vulnerability of CVE-2014-4064 has the Information Disclosure type and can be used attacking for obtaining information on addresses of objects in system memory (Windows Kernel Pool Allocation Vulnerability). Important.

The MS14-046 updating corrects vulnerability of type? Security Feature Bypass? (.NET ASLR Vulnerability? CVE-2014-4062) in. net Framework versions from 2.0 SP2 to 3.5.1. Vulnerability can be used by ASLR attacking for bypass together with other RCE vulnerability, i.e. can facilitate considerably attacking possibility of remote installation of code in system through the .NET library compiled without support of ASLR. Important. Exploitation Less Likely.

The MS14-047 updating corrects one vulnerability of CVE-2014-0316 of type? Security Feature Bypass? in the Microsoft Local RPC component (Rpcrt4.dll) on Windows 7+. Vulnerability consists in the wrong mechanism of release of memory of the message on the party of Local of the RPC server (through the Rpcrt4.dll function) which the server marks as incorrect. The error in implementation allows attacking to fill virtual address space of target process (server) with the same messages that, in turn, can lead to ASLR bypass through remote memory-spray. Important. Exploitation Unlikely.

The MS14-048 updating closes one RCE vulnerability in product of OneNote 2007 SP3. Attacking can execute far off code through in a special way the created OneNote file. Important. Exploitation Less Likely.

The MS14-049 updating closes one vulnerability like Elevation of Privilege in the Windows Installer component of all supported releases of Windows. Attacking can use this vulnerability (Windows Installer Repair Vulnerability? CVE-2014-1814) for raising of the privileges in system through in a special way the compiled application which tries to correct installation of other application with use of Windows Installer API. Updating is addressed to such system files as Msi.dll, Msimsg.dll and Appinfo.dll. Exploitation Less Likely.

The MS14-050 updating closes one Elevation of Privilege vulnerability in product of Microsoft SharePoint Server 2013. Attacking which has on hands registration data for input in account on the server, can use in a special way the compiled applications for start of harmful JavaScript for the user who visits the site under control of SharePoint. Important. Exploitation Less Likely.

1? Exploitation More Likely
The probability of exploitation of vulnerability is very high, malefactors can use exploit, for example, for remote execution of code.

2? Exploitation Less Likely
Probability of exploitation average as malefactors will hardly be able to achieve situation of steady exploitation, and also owing to technical feature of vulnerability and complexity of development of exploit.

3? Exploit code unlikely
Probability of exploitation minimum and malefactors will hardly be able to develop successfully working code and to use this vulnerability for carrying out attack.

We recommend to our users to set updatings as soon as possible and if you still have not made it, to include automatic delivery of updatings with use of Windows Update (by default such opportunity is included).

Microsoft and Adobe have let out set of updatings, August, 2014

The Adobe company has let out updatings of safety for the products of Flash Player (APSB14-18) and Reader, Acrobat (APSB14-19). The APSB14-19 updating corrects the vulnerability operated by in-the-wild which is used attacking for bypass of the sandbox mechanism used in the actual Adobe Reader XI version. This Reader version is by default started in the so-called protected sandboxing-mode and isolates process in the context of which PDF, from system operations through Deny SID in access token and special object task is viewed (as in case with sandboxing at Google Chrome). Vulnerability allows to bypass these restrictions and to execute any code with high privileges (sandbox protection bypass).

Microsoft and Adobe have let out set of updatings, August, 2014

We recommend to update Flash Player used by you as soon as possible. Such browsers as Internet Explorer 10 &11 on Windows 8/8.1 and Google Chrome update the Flash Player versions automatically. For IE see the updated Security Advisory 2755801. Check your Flash Player version for relevance here, in the table these versions for different browsers are provided below.

Microsoft and Adobe have let out set of updatings, August, 2014

image
be secure.

This article is a translation of the original post at habrahabr.ru/post/233185/
If you have any questions regarding the material covered in the article above, please, contact the original author of the post.
If you have any complaints about this article or you want this article to be deleted, please, drop an email here: sysmagazine.com@gmail.com.

We believe that the knowledge, which is available at the most popular Russian IT blog habrahabr.ru, should be accessed by everyone, even though it is poorly translated.
Shared knowledge makes the world better.
Best wishes.

comments powered by Disqus