Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Security Response

Microsoft Patch Tuesday – August 2014

Created: 12 Aug 2014 20:52:31 GMT • Updated: 14 Aug 2014 17:24:57 GMT
himanshu_mehta's picture
0 2 Votes
Login to vote

Welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 37 vulnerabilities. Twenty-eight of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the August releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-aug

The following issues are addressed this month:

  1. MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

    CSyncBasePlayer Use After Free Vulnerability (CVE-2014-4060) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Media Center, which could be exploited by convincing a user to open a specially crafted Microsoft Office file.

  2. MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

    Microsoft SQL Server Stack Overrun Vulnerability (CVE-2014-4061) MS Rating: Important

    A denial of service vulnerability exists in SQL Server. An attacker who successfully exploited this vulnerability could cause the server to stop responding until a manual reboot is initiated.

    SQL Master Data Services XSS Vulnerability (CVE-2014-1820) MS Rating: Important

    An XSS vulnerability exists in SQL Master Data Services (MDS) that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.

  3. MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

    Win32k Elevation of Privilege Vulnerability (CVE-2014-0318) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles window handle thread-owned objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    Font Double-Fetch Vulnerability (CVE-2014-1819) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the affected component handles objects from specially crafted font files. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Windows Kernel Pool Allocation Vulnerability (CVE-2014-4064) MS Rating: Important

    An information disclosure vulnerability exists in the way Windows kernel memory is managed. An attacker who successfully exploited this vulnerability could use it to disclose memory addresses or other sensitive kernel information.

  4. MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

    .NET ASLR Vulnerability (CVE-2014-4062) MS Rating: Important

    A security feature bypass vulnerability exists in the Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution, however an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

  5. MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

    LRPC ASLR Bypass Vulnerability (CVE-2014-0316) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft Remote Procedure Call (LRPC). An LRPC server may leak the message it receives from the client if the message is a specific type and has a data view attached (not expected for messages of this type). RPC considers this an error and returns, but does not free the message. This allows the client to fill up the address space of the server with such messages.

  6. MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

    OneNote Remote Code Execution Vulnerability (CVE-2014-2815) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft OneNote parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

    Windows Installer Repair Vulnerability (CVE-2014-1814) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Installer service improperly handles the repair of a previously installed application. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

  8. MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

    SharePoint Page Content Vulnerability (CVE-2014-2816) MS Rating: Important

    An elevation of privilege vulnerability exists in SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted application to run arbitrary code in the security context of the logged-on user.

  9. MS14-051 Cumulative Security Update for Internet Explorer (2976627)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2774) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2784) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2796) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2808) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2810) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2811) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-2817) MS Rating: Important

    An elevation of privilege vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2818) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-2819) MS Rating: Important

    An elevation of privilege vulnerability exists in Internet Explorer. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Internet Explorer.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2820) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2821) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2822) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2823) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2824) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2825) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2826) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-2827) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4050) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4051) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4052) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4055) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4056) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4057) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4058) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4063) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4067) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.