As we know, the threat landscape continues to drive vendors to change their code aggressively. The main focus of this Patch Tuesday has been an Internet Explorer flaw that allows remote code execution through the browser. This August Patch Tuesday brought nine security fixes, but the less worrying news for software users is that only two of the patches are rated "Critical" by Microsoft; left unprotected, these would leave users open to remote code execution attacks.
“An attacker would exploit this vulnerability on your users through a malicious webpage. These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums.”
To boil this down (short):
- Microsoft issued two critical fixes for its Windows and Internet Explorer (IE) software products in this month’s Patch Tuesday release.
- The remaining seven vulnerabilities are related to the firm's Microsoft Office, SQL Server, Windows, Server and .NET Framework. Each has an "Important" rating from Microsoft and leaves users open to a mix of remote code execution, elevation of privilege and security bypass exploits.
Of the 9 releases, Microsoft identifies two as “critical” and the remaining patches are labeled “important or moderate.” This month’s patches are as follows:
HIPS, VSE BOP, App Control, NSP, Patch
Patch, HIPS, MVM
Patch, MVM, BOP, HIPS
Patch, MVM, App Control
Looking over the patches, I would like to highlight the following critical updates:
This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Microsoft Patch Information: http://technet.microsoft.com/security/bulletin/MS14-051
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Microsoft Patch Information: https://technet.microsoft.com/library/security/ms14-043
Aggregate coverage (combining host- and network-based countermeasures together) is 4 out of 9. McAfee Vulnerability Manager has the ability to scan and detect all 9 vulnerabilities or the existence of a patch. Specifically, coverage for each of the two most critical related vulnerabilities (MS14-043 and MS14-051) is under further investigation. For the most up-to-date coverage, please follow the MTIS alerts located here:
For patches 043 through 050: MTIS14-124
For patch 051: MTIS14-125
Why are VirusScan and other technologies not called out as mitigations? These attacks are exploits: they do not drop malicious code onto the disk of the system. Rather, they allow for privileged access, which opens the door for the attacker to gain greater access and cause more harm. NOTE: In some cases there are no countermeasures available, and patching must be done to truly mitigate the risk. Analysis will continue to be done with labs, and new detections may be added.
Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.
For additional useful “security” information, please make note of the following links:
You can also review a Microsoft Summary for August at the Microsoft site.