
Microsoft released a set of updates, March 2014

Microsoft has released a series of updates for its products that close 23 unique vulnerabilities (2 updates rated Critical and 3 rated Important). As usual, one of the updates (MS14-012) fixes eighteen Remote Code Execution (RCE) vulnerabilities in all versions of Internet Explorer (6-11) on Windows XP SP3 / XP x64 SP2 through Windows 8.1 / RT 8.1. Attackers can use a specially crafted web page to execute code remotely through the browser (drive-by). The update also closes the IE10 use-after-free vulnerability CVE-2014-0322 (SA 2934088), which was previously used in targeted attacks. A reboot is required to apply the update.







Another Critical update, MS14-013, fixes the double-free RCE vulnerability CVE-2014-0301 in the DirectShow component (qedit.dll) for all operating systems from Windows XP to 8.1. Attackers can use a specially crafted image file (JPEG) to execute arbitrary code on the system.


Update MS14-014 fixes vulnerability CVE-2014-0319 in the Silverlight v5 platform. The vulnerability is of the Security Feature Bypass type and allows attackers to bypass DEP and ASLR for this platform's library, which makes it easier to develop stable RCE exploits delivered through a browser. Important.



Update MS14-015 closes two vulnerabilities, CVE-2014-0300 and CVE-2014-0323, in the win32k.sys driver for all operating systems. The first is an Elevation of Privilege vulnerability that attackers can use to raise their privileges on the system to the maximum level (SYSTEM); the second is an Information Disclosure vulnerability. Using the first vulnerability, attackers can escape the restrictions of a web browser's sandbox (browser sandbox escape) and/or run their code in kernel mode. By combining it with an RCE exploit, attackers can execute their code on the victim's system through a specially crafted web page even if the browser uses sandbox technologies (as in Internet Explorer 7+ on Vista+ with Integrity Levels, and in Google Chrome). Important. Exploit code likely.



Update MS14-016 closes the Security Feature Bypass vulnerability CVE-2014-0317 in the Security Account Manager Remote (SAMR) component for Windows XP - 2008 Server & 2012 Server. Important.



1 - Exploit code likely

The probability of exploitation is very high; attackers can use an exploit, for example, for remote code execution.



2 - Exploit code would be difficult to build

The probability of exploitation is average, since attackers are unlikely to achieve reliable exploitation, and because of the technical peculiarities of the vulnerability and the complexity of developing an exploit.



3 - Exploit code unlikely

The probability of exploitation is minimal; attackers are unlikely to be able to develop working exploit code and use this vulnerability to conduct an attack.



We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates through Windows Update (this option is enabled by default).




be secure.

Source: https://habr.com/ru/post/215335/


