Welcome to the second Microsoft Patch Tuesday of 2014. This month’s release has the unusual twist of two last-minute critical patches that were just announced yesterday. This is the first time patches have been added at the last minute. Today, Microsoft has officially released 7 patches addressing 32 individual vulnerabilities.
Continuing with today’s seven releases, four are identified by Microsoft as “critical.” The remaining patches are labeled “important” by Microsoft. This month’s patches are as follows:
- MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)
- MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
- MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- MS14-010 Cumulative Security Update for Internet Explorer (2909921)
- MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
Looking over the patches, I would like to highlight the following four critical updates:
The first update I would like to highlight (MS14-010) is one of the critical patches that was added to our list yesterday. This update resolves 24 CVEs in Internet Explorer versions 6-10, of which only 1 is known to be publicly disclosed. Of the 24 CVEs, 22 are memory corruption vulnerabilities in IE. With a properly crafted website or phishing email, an adversary may obtain complete remote access to a system, including the ability to elevate the privileges of the currently logged-on user. There is no doubt why Microsoft rushed to make this update part of the month’s allotment of patches. Immediate patching should be priority number one on all systems running IE 6-10.
The second highlighted patch (MS14-011) was also added by Microsoft yesterday. It addresses a critical vulnerability in the VBScript scripting engine that can be triggered remotely by malicious code planted in a webpage, allowing the attacker to execute code remotely. All Windows desktop and Windows Server systems running VBScript 5.6-5.8 are affected and should be patched immediately. This patch should be the top priority of your patching cycle this month if you have these versions of VBScript in your environment.
The third update I would like to highlight (MS14-007) is a patch for a vulnerability found in Windows versions 7, 8 and RT as well as Windows Server 2012. This patch addresses another vulnerability remotely exploitable through IE, found in the graphics application programming interface Direct2D. An adversary can exploit the flaw by attracting users to a webpage hosting malicious code with the specific tag for “Scalable Vector Graphics.” The adversary then gains the same access as the currently logged-on user. Though there are no known exploits of this vulnerability, I would still recommend patching this as soon as possible.
The final update we will look at this month (MS14-008) is for a vulnerability found in Microsoft Forefront 2010 for Exchange servers. This vulnerability involves zero user interaction and only requires the attacker to send a malicious email. Once the email has been scanned by Forefront, the attacker’s code would be executed under the same rights as the Microsoft Forefront Protection service account. If you are running Forefront 2010, we recommend immediate patching. Also, it should be noted that McAfee offers an ePO-managed product for securing Exchange servers from malicious content called McAfee Security for Microsoft Exchange (MSME). Contact your local sales team for more information about MSME.
Aggregate coverage (combining host and network-based countermeasures together) is 28 out of 32. McAfee Vulnerability Manager has the ability to scan and detect all 32 vulnerabilities.
Specifically, coverage for each of the four most critical related vulnerabilities (MS14-010, MS14-011, MS14-008 and MS14-007) is provided by the following McAfee endpoint security software and McAfee Enterprise Firewall:
- BOP (Buffer Overflow Protection w/ VSE)
- App Control
Further research is being performed 24/7 by McAfee Labs and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.