August Patch Tuesday Newsletter

 

Greetings!

 

As we know, the threat landscape continues to drive vendors to make aggressive changes to their code. The main focus of this Patch Tuesday is an Internet Explorer flaw that allows remote code execution attacks through the browser. This August Patch Tuesday brought nine security fixes; the less worrying news for software users is that only two of the patches are rated "Critical" by Microsoft, which, if left unprotected, would leave users open to remote code execution attacks.

 

“An attacker would exploit this vulnerability on your users through a malicious webpage. These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums.” 

 

To boil this down (short) –

 

  • Microsoft issued two critical fixes for vulnerabilities in its Windows and Internet Explorer (IE) software products for this month’s Patch Tuesday release.
  • The remaining seven vulnerabilities are related to the firm's Microsoft Office, SQL Server, Windows, Server and .NET Framework software products. Each has an "Important" rating from Microsoft and leaves users open to a mix of remote code execution, elevation of privilege and security bypass exploits.

 

Of the 9 releases, Microsoft identifies two as “critical” and the remaining patches are labeled “important or moderate.”  This month’s patches are as follows:

 

| Date | Bulletin Number | KB Number | Title | Bulletin Rating | McAfee Coverage |
|---|---|---|---|---|---|
| 8/12/2014 | MS14-051 | 2976627 | Cumulative Security Update for Internet Explorer | Critical | HIPS, VSE BOP, App Control, NSP, Patch |
| 8/12/2014 | MS14-050 | 2977202 | Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege | Important | Patch, MVM |
| 8/12/2014 | MS14-049 | 2962490 | Vulnerability in Windows Installer Service Could Allow Elevation of Privilege | Important | Patch, MVM |
| 8/12/2014 | MS14-048 | 2977201 | Vulnerability in OneNote Could Allow Remote Code Execution | Important | Patch, HIPS, MVM |
| 8/12/2014 | MS14-047 | 2978668 | Vulnerability in LRPC Could Allow Security Feature Bypass | Important | Patch, MVM |
| 8/12/2014 | MS14-046 | 2984625 | Vulnerability in .NET Framework Could Allow Security Feature Bypass | Important | Patch, MVM |
| 8/12/2014 | MS14-045 | 2984615 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege | Important | Patch, MVM |
| 8/12/2014 | MS14-044 | 2984340 | Vulnerabilities in SQL Server Could Allow Elevation of Privilege | Important | Patch, MVM, BOP, HIPS |
| 8/12/2014 | MS14-043 | 2978742 | Vulnerability in Windows Media Center Could Allow Remote Code Execution | Critical | Patch, MVM, App Control |

 

Looking over the patches, I would like to highlight the following critical updates:

 

MS14-051

(CVE-2014-2774)

This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

 

Microsoft Patch Information: http://technet.microsoft.com/security/bulletin/MS14-051

 

MS14-043

(CVE-2014-4060)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

 

Microsoft Patch Information: https://technet.microsoft.com/library/security/ms14-043

 

Aggregate coverage (combining host- and network-based countermeasures) is 4 out of 9. McAfee Vulnerability Manager can scan for and detect all 9 vulnerabilities or the existence of a patch. Specifically, coverage for each of the two most critical vulnerabilities (MS14-043 and MS14-051) is under further investigation. For the most current coverage, please follow the MTIS alerts located here:

 

For patches 043 through 050: MTIS14-124

For patch 051: MTIS14-125

 

Why are VirusScan or other technologies not called out as mitigations? These attacks are exploits: they do not drop malicious code onto the disk of the system; rather, they allow for privileged access, which opens the door for the attacker to gain greater access and cause more harm. NOTE: In some cases there are no countermeasures available, and patching must be done to truly mitigate the risk. Analysis by the labs will continue, and new detections may be added.

Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you'll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.

 

Finally, in case you’re interested, these briefings are archived on the McAfee Community site and newly archived here.

 

For additional useful “security” information, please make note of the following links:

 

McAfee Labs Security Advisory

McAfee Security Content Release Notes

McAfee SNS archives

 

You can also review a Microsoft Summary for August at the Microsoft site.

 

Happy patching!