Endpoint Protection

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 42 vulnerabilities. Thirty-six of this month's issues are rated Critical.

As always, customers are advised to follow these security best practices:

• Install vendor patches as soon as they are available.
• Run all software with the least privileges required while still maintaining functionality.
• Avoid handling files from unknown or questionable sources.
• Never visit sites of unknown or questionable integrity.
• Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-sep

The following is a breakdown of the issues being addressed this month:

1. MS14-052 Cumulative Security Update for Internet Explorer (2977629)

   Internet Explorer Resource Information Disclosure Vulnerability (CVE-2013-7331) MS Rating: Important

   An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications in use on a target and use the information to avoid detection.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-2799) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4059) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4065) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4079) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4080) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4081) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4082) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4083) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4084) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4085) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4086) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4087) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4088) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4089) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4090) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4091) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4092) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4093) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4094) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4095) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4096) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4097) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4098) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4099) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4100) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4101) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4102) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4103) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4104) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4105) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4106) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4107) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4108) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4109) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4110) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

   Internet Explorer Memory Corruption Vulnerability (CVE-2014-4111) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.




2. MS14-053 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2990931)

   .NET Framework Denial of Service Vulnerability (CVE-2014-4072) MS Rating: Important

   A denial of service vulnerability exists in the way that the Microsoft .NET Framework handles specially crafted requests, causing a hash collision. An attacker who successfully exploited this vulnerability could send a small number of specially crafted requests to a .NET server, causing performance to degrade significantly enough to cause a denial of service condition.




3. MS14-054 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948)

   Task Scheduler Vulnerability (CVE-2014-4074) MS Rating: Important

   An elevation of privilege vulnerability exists in how Windows Task Scheduler improperly conducts integrity checks on tasks. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user right.




4. MS14-055 Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)

   Lync Denial of Service Vulnerability (CVE-2014-4068) MS Rating: Important

   A denial of service vulnerability exists in Lync Server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

   Lync XSS Information Disclosure Vulnerability (CVE-2014-4070) MS Rating: Important

   A reflected cross-site scripting (XSS) vulnerability which could result in an information disclosure exists when Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

   Lync Denial of Service Vulnerability (CVE-2014-4071) MS Rating: Important

   A denial of service vulnerability exists in Lync Server. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.