Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of six vulnerabilities. All six of this month’s issues are rated ’Important’.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft’s summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan
The following is a breakdown of the issues being addressed this month:
-
MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0258) MS Rating: Important
A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0259) MS Rating: Important
A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
Memory Corruption Vulnerability in Microsoft Word (CVE-2014-0260) MS Rating: Important
A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.
-
MS14-002 Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
Kernel NDProxy Vulnerability (CVE-2013-5065) MS Rating: Important
An elevation of privilege vulnerability exists in the NDProxy component of the Windows kernel due to the improper validation of input passed from user mode to the kernel. The vulnerability could allow an attacker to run code in kernel mode. An attacker who successfully exploited this vulnerability could run a specially crafted application and take complete control of an affected system. The attacker could then install programs, view, change, or delete data, or create new accounts with full administrator rights.
-
MS14-003 Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
Win32k Window Handle Vulnerability (CVE-2014-0262) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly uses window handle thread-owned objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
-
MS14-004 Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)
Query Filter DoS Vulnerability (CVE-2014-0261) MS Rating: Important
A denial of service vulnerability exists in Microsoft Dynamics AX that could allow an attacker to cause a Dynamics AX server to become unresponsive.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.