For the July edition of Patch Tuesday, we have been presented with 29 vulnerabilities covered in 6 bulletins.
Of these, Microsoft labels 24 vulnerabilities as “critical.” One is listed as “moderate” while the rest are labeled “important.” This month’s patches are as follows:
- MS14-037 Cumulative Security Update for Internet Explorer (2975687)
- MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)
- MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685)
- MS14-040 Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684)
- MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681)
- MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2969262)
Looking over the patches, I would like to highlight the following two critical updates:
This cumulative update (MS14-037) resolves 24 CVEs found in all supported versions of IE 6 - 11. Of the 24 CVEs, one has been publicly disclosed and the rest (23) were privately disclosed. To our knowledge, none have been used in any exploits. The majority of the issues resolved by this fix are Remote Code Execution (RCE) vulnerabilities. Also of note in this patch is the Extended Validation (EV) Certificate Security Feature Bypass Vulnerability (CVE-2014-2783). This vulnerability could allow an attacker to bypass EV SSL certificate guidelines by using a wildcard certificate. For more information, click the CVE number above, or read this Microsoft Security Bulletin.
The second critical patch (MS14-038) addresses a vulnerability in the handling of .JNT files used by Microsoft Journal. Journal (journal.exe) is found on non-server Windows versions. Journal is vulnerable to specially crafted .JNT files that can lead to remote code execution when opened.
Aggregate coverage (combining host- and network-based countermeasures together) is 3 out of 7. McAfee Vulnerability Manager has the ability to scan and detect all 29 vulnerabilities. Specifically, each of the two most critical vulnerabilities (MS14-037 and MS14-038) is covered by the following McAfee endpoint security software and McAfee Firewall Enterprise:
- App Control (full coverage)
- MVM (full coverage)
- BOP (Buffer Overflow Protection w/ VSE – partial coverage)
- HIPS (partial coverage)
- NSP (partial coverage)
Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.
For additional useful “security” information, please make note of the following links:
You can also review a Microsoft Summary for July at the Microsoft site.