
New Windows vulnerabilities exploited by hackers

Just yesterday, four 0-day vulnerabilities in Windows, already closed by Microsoft in the scheduled Patch Tuesday release, were made public. In addition to the previously mentioned Remote Code Execution vulnerability CVE-2014-4114 in the OLE package manager component, another RCE vulnerability and two Local Privilege Escalation vulnerabilities, which are present in the win32k.sys driver and the Internet Explorer browser, became known. The vulnerabilities are used by attackers in targeted attacks and are presented in the table below.



In total, for the past Patch Tuesday Microsoft closed 24 vulnerabilities in Windows, IE, Office, .NET Framework, and ASP.NET products. To do this, 8 updates were released, three of which have the status Critical and five Important. In addition, the new Internet Explorer 11 security option called the ActiveX control blocking feature, which we wrote about in detail here, has been expanded to block outdated Silverlight plugins.

The MS14-056 update fixes 14 vulnerabilities in all supported versions of Internet Explorer 6-11 for all operating systems from Windows Server 2003 to the latest Windows 8.1 & RT. The two vulnerabilities CVE-2014-4123 and CVE-2014-4124 are of the Elevation of Privilege type and can be used by attackers to bypass the sandbox mode in IE7-11. Vulnerability CVE-2014-4140 allows attackers to bypass ASLR in the context of a running browser tab process. The remaining vulnerabilities are of the memory-corruption type and allow an attacker to remotely execute code through a specially crafted web page. Critical. Exploitation Detected.

Update MS14-057 fixes three vulnerabilities in all supported versions of the .NET Framework. Vulnerability CVE-2014-4073 is of the Elevation of Privilege type and can be used by attackers to increase their privileges from the Internet Explorer browser when working with ClickOnce content, i.e. attackers can bypass the browser's sandboxing mode when the user activates the corresponding web page content. Vulnerability CVE-2014-4121 allows attackers to remotely execute code on a vulnerable system when malicious .NET content (applications) is viewed in a browser. The last vulnerability, CVE-2014-4122, allows attackers to bypass ASLR, which greatly facilitates the task of remote code execution in the browser. Critical. Exploitation Less Likely.

Update MS14-058 fixes two vulnerabilities in the Win32k.sys driver. See table above. Critical. Exploitation Detected.

Update MS14-059 fixes one Security Bypass vulnerability, CVE-2014-4075, in all versions of the ASP.NET MVC framework. The vulnerability allows an attacker to conduct a successful XSS attack on a user by inserting a malicious script into a web page viewed by the user. Important. Exploitation Unlikely.

Update MS14-060 fixes a known vulnerability CVE-2014-4114 in Windows, see the table above. Important. Exploitation Detected.

The MS14-061 update fixes the CVE-2014-4117 vulnerability in Office. All supported versions of Word 2007-2013 receive the fix. Attackers can remotely execute code through a specially crafted document. Such a document can be sent to the victim by email as an attachment to a message. Important. Exploitation More Likely.

The MS14-062 update fixes one Local Privilege Escalation vulnerability, CVE-2014-4971, in the MSMQ Message Queuing service on Windows Server 2003. An attacker can elevate privileges to the system level by sending a special IOCTL request to the Mqac.sys driver, which contains the vulnerability (the executables updated are Spuninst.exe, Mqac.sys and Mqqm.dll). Important. Exploitation More Likely.

Update MS14-063 fixes one Local Privilege Escalation vulnerability, CVE-2014-4115, in the FAT32 file system driver, Fastfat.sys. The vulnerability allows an attacker to overwrite part of a buffer in system memory. An attacker could exploit this vulnerability by connecting a USB device with a partition formatted as FAT32 to the computer. Important. Exploitation Less Likely.

0 - Exploitation Detected
The vulnerability is exploited in the wild. That is, it has been established that attackers use an exploit for this vulnerability to successfully attack users. Highest hazard index.

1 - Exploitation More Likely
The probability of exploiting the vulnerability is very high; attackers can use an exploit, for example, for remote code execution.

2 - Exploitation Less Likely
The exploitation probability is average, since attackers are unlikely to be able to achieve reliable exploitation, and also because of the technical peculiarities of the vulnerability and the complexity of developing an exploit.

3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
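The sketch below is an added example, not part of the original article or of any Microsoft tooling: it reads the severity and exploitability label that close each bulletin paragraph above and produces a deployment order. Ranking by exploitability index before severity is an assumed policy, and the names `parse_bulletin`, `deployment_order` and `SAMPLE` are hypothetical; the sample strings are the page's bulletin paragraphs shortened to id plus rating.

```python
import re

# Exploitability labels as written on this page -> index value. The page uses
# both "Exploitation Unlikely" and "Exploit code unlikely" for index 3.
XI = {
    "exploitation detected": 0,
    "exploitation more likely": 1,
    "exploitation less likely": 2,
    "exploitation unlikely": 3,
    "exploit code unlikely": 3,
}
SEVERITY = {"critical": 0, "important": 1}  # the two ratings used on this page

BULLETIN = re.compile(r"\b(MS\d{2}-\d{3})\b")
# Trailing "<Severity>. <Exploitability label>." tolerating stray spaces.
RATING = re.compile(
    r"(Critical|Important)\s*\.\s*(Exploit(?:ation| code)[A-Za-z ]*?)\s*\.?\s*$",
    re.IGNORECASE,
)

def parse_bulletin(paragraph):
    """Return (bulletin_id, severity, index), or None if no rating is present."""
    bid = BULLETIN.search(paragraph)
    rating = RATING.search(paragraph.strip())
    if not bid or not rating:
        return None
    label = " ".join(rating.group(2).lower().split())
    if label not in XI:
        raise ValueError(f"unknown exploitability label: {label!r}")
    return bid.group(1), rating.group(1).capitalize(), XI[label]

def deployment_order(paragraphs):
    """Assumed policy: lowest exploitability index first, then higher severity."""
    parsed = [b for b in map(parse_bulletin, paragraphs) if b]
    return sorted(parsed, key=lambda b: (b[2], SEVERITY[b[1].lower()], b[0]))

SAMPLE = [  # constructed: shortened from the bulletin paragraphs on this page
    "The MS14-056 update fixes 14 vulnerabilities ... Critical. Exploitation Detected .",
    "Update MS14-057 fixes three vulnerabilities ... Critical. Exploitation Less Likely .",
    "Update MS14-058 fixes two vulnerabilities ... Critical. Exploitation Detected .",
    "Update MS14-059 fixes one Security Bypass ... Important. Exploitation Unlikely.",
    "Update MS14-060 fixes a known vulnerability ... Important. Exploitation Detected.",
    "The MS14-061 update fixes ... Important. Exploitation More Likely.",
    "The MS14-062 update fixes ... Important. Exploitation More Likely.",
    "Update MS14-063 fixes ... Important. Exploitation Less Likely.",
]

if __name__ == "__main__":
    for bid, sev, xi in deployment_order(SAMPLE):
        print(f"{bid}  index={xi}  {sev}")
```

With this ordering, MS14-060 (Important, Exploitation Detected) is scheduled ahead of MS14-057 (Critical, Exploitation Less Likely), which is the practical effect of reading the index alongside the severity rating.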

We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).


Be secure.

Source: https://habr.com/ru/post/240445/

