This month’s Microsoft Update Tuesday is pretty light save
for the Internet Explorer bulletin. While there’s only a total of 4 bulletins,
they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most
updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers
a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution
vulnerabilities, the other one is an information disclosure vulnerability
(CVE-2013-7331). This last vulnerability is publicly known and under active
exploitation. This vulnerability allows attackers to use Microsoft’s XMLDOM ActiveX
object to gain information on local drive and network settings. The attack
can be used to detect if files or folders are present on the machine due to
different error messages being returned depending on if the files or folder
exist or not. An attacker can similarly figure out internal IP addresses using
this vulnerability. The remaining 36 vulnerabilities are mostly the result of
use-after-free vulnerabilities.
The three remaining bulletins are all rated as important:
Bulletin MS14-053 deals with a single CVE (CVE-2014-4072) in
.NET. The vulnerability results in a Denial of Service. This is due to a hash
collision that can be exploited by an attacker, which will result in resource
exhaustion.
CVE-2014-4074 is fixed by bulletin MS14-054, it deals with a
vulnerability in the Windows Task Scheduler that could allow a logged on user
to schedule a task that would run code at the system level.
The final bulletin is MS14-055 and fixes three vulnerabilities
in Lync. Two of the vulnerabilities, CVE-2014-4068 and CVE-2014-4071, could
result in Denial of Services. An attacker could create a legitimate meeting and
then modify the SIP information, which would result in a DoS on the Lync
server. The third vulnerability that is covered by this bulletin is
CVE-2014-4070 and can result in information disclosure due to a Cross Site
Scripting (XSS) vulnerability on the server.
To address these issues, Talos has the following SIDs: 29821-29822, 30110-30113,
31782-31797, 31799-31802, 31811-31812
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.