Microsoft released a set of updates, September 2014
Microsoft has released a set of updates for its products, which cover 42 unique vulnerabilities. Updates are targeted for Windows, Internet Explorer, .NET Framework, and Lync Server products. One update has the status Critical and three status Important. The company also updated SA 2755801 in connection with the release of the new Flash Player in Internet Explorer ( APSB14-21 ). Update MS14-052 fixes 37 vulnerabilities like Remote Code Execution and Information Disclosure in all supported versions of IE 6-11 for W2k3 +. Vulnerabilities can be used by attackers to conduct drive-by download attacks, as well as to obtain information about the system via IE (for example, remote retrieval of information about files). One of the fixed Information Disclosure vulnerabilities CVE-2013-7331 is used by attackers to carry out attacks on users ( Exploitation Detected ).
Update MS14-053 fixes a single CVE-2014-4072 vulnerability of the Denial of Service type in all versions of the .NET Framework. Attackers can cause the HTTP server to freeze by sending specially crafted requests to an ASP.NET-based website. Exploitation Unlikely .
')
Update MS14-054 fixes the CVE-2014-4074 type Elevation of Privilege vulnerability in the Windows 8-8.1 task scheduler. Using this vulnerability, attackers can elevate their privileges in the system to the LocalSystem account level, which will allow them to perform a wide range of operations on a compromised system. Exploitation More Likely .
Update MS14-055 fixes three vulnerabilities CVE-2014-4068 (Denial of Service Vulnerability), CVE-2014-4070 (Information Disclosure), CVE-2014-4071 (Denial of Service) in Microsoft Lync Server 2010-2013. Exploitation Unlikely .
0 - Exploitation Detected
Vulnerability is exploited in-the-wild. That is, it was established that attackers use an exploit for this vulnerability to successfully attack users. Highest hazard index.
1 - Exploitation More Likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploitation Less Likely
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend our users to install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (by default this option is enabled).
be secure.
Update MS14-053 fixes a single CVE-2014-4072 vulnerability of the Denial of Service type in all versions of the .NET Framework. Attackers can cause the HTTP server to freeze by sending specially crafted requests to an ASP.NET-based website. Exploitation Unlikely .
')
Update MS14-054 fixes the CVE-2014-4074 type Elevation of Privilege vulnerability in the Windows 8-8.1 task scheduler. Using this vulnerability, attackers can elevate their privileges in the system to the LocalSystem account level, which will allow them to perform a wide range of operations on a compromised system. Exploitation More Likely .
Update MS14-055 fixes three vulnerabilities CVE-2014-4068 (Denial of Service Vulnerability), CVE-2014-4070 (Information Disclosure), CVE-2014-4071 (Denial of Service) in Microsoft Lync Server 2010-2013. Exploitation Unlikely .
0 - Exploitation Detected
Vulnerability is exploited in-the-wild. That is, it was established that attackers use an exploit for this vulnerability to successfully attack users. Highest hazard index.
1 - Exploitation More Likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploitation Less Likely
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend our users to install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (by default this option is enabled).
be secure.
Source: https://habr.com/ru/post/236331/
All Articles