Microsoft Patch Tuesday – November 2014

This month the vendor is releasing fourteen bulletins covering a total of 33 vulnerabilities. Fourteen of this month's issues are rated ’Critical’.

ms-tuesday-patch-key-concept-white-light 2_0.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing fourteen bulletins covering a total of 33 vulnerabilities. Fourteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

The following is a breakdown of the issues being addressed this month:

  1. MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)

    Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

    Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when a user downloads, or receives, and then opens a specially crafted Microsoft Office file that contains OLE objects.

  2. MS14-065 Cumulative Security Update for Internet Explorer (3003057)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4143) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6343) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6344) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6349) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6350) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6340) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6345) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6346) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly restrict access to the clipboard of a user who visits a website. The vulnerability could allow data stored on the Windows clipboard to be accessed by a malicious site. An attacker could collect information from the clipboard of a user if that user visits the malicious site.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, which could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.

  3. MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

    Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) MS Rating: Critical

    A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets.

  4. MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

    MSXML Remote Code Execution Vulnerability (CVE-2014-4118) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft XML Core Services (MSXML) improperly parses XML content, which can corrupt the system state in such a way as to allow an attacker to run arbitrary code. The vulnerability could allow a remote code execution if a user opens a specially crafted file or webpage.

  5. MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)

    Microsoft Office Double Delete Remote Code Execution Vulnerability (CVE-2014-6333) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files.

    Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

    Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335) MS Rating: Important

    A remote code execution vulnerability exists in the context of the local user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

  6. MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)

    TCP/IP Elevation of Privilege Vulnerability (CVE-2014-4076) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows TCP/IP stack (tcpip.sys, tcpip6.sys) that is caused when the Windows TCP/IP stack fails to properly handle objects in memory during IOCTL processing.

  7. MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)

    Windows Audio Service Vulnerability (CVE-2014-6322) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows audio service component that could be exploited through Internet Explorer. The vulnerability is caused when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

  8. MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

    TypeFilterLevel Vulnerability (CVE-2014-4149) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects.

  9. MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)

    SharePoint Elevation of Privilege Vulnerability (CVE-2014-4116) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  10. MS14-074 Vulnerability in Remote Desktop Protocol could allow Security Feature Bypass (3003743)

    Remote Desktop Protocol (RDP) Failure to Audit Vulnerability (CVE-2014-6318) MS Rating: Important

    A security feature bypass vulnerability exists in Remote Desktop Protocol (RDP) when RDP does not properly log failed logon attempts. The vulnerability could allow an attacker to bypass the audit logon security feature. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this bypass vulnerability in conjunction with another vulnerability.

  11. MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)

    IIS Security Feature Bypass Vulnerability (CVE-2014-4078) MS Rating: Important

    A security feature bypass vulnerability exists in Internet Information Services (IIS) that is caused when incoming web requests are not properly compared against the 'IP and domain restriction' filtering list.

  12. MS14-077 Vulnerability in Active Directory Federation Services could allow Information Disclosure (3003381)

    Active Directory Federation Services Information Disclosure Vulnerability (CVE-2014-6331) MS Rating: Important

    An information disclosure vulnerability exists when Active Directory Federation Services (AD FS) fails to properly log off a user. The vulnerability could allow an unintentional information disclosure.

  13. MS14-078 Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)

    Microsoft IME (Japanese) Elevation of Privilege Vulnerability (CVE-2014-4077) MS Rating: Moderate

    An elevation of privilege vulnerability exists in Microsoft IME for Japanese that is caused when a vulnerable sandboxed application uses Microsoft IME (Japanese).

  14. MS14-079 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)

    Denial of Service in Windows Kernel Mode Driver Vulnerability (CVE-2014-6317) MS Rating: Moderate

    A denial of service vulnerability exists in the Windows kernel-mode driver that is caused by the improper handling of TrueType font objects in memory.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.