Tag Archives: Microsoft Patch Tuesday

Microsoft Patch Tuesday – January 2015

      No Comments on Microsoft Patch Tuesday – January 2015

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 8 vulnerabilities. One of this month’s issues is rated ’Critical’.

Read More

Microsoft Patch Tuesday – December 2014

      No Comments on Microsoft Patch Tuesday – December 2014
This month the vendor is releasing seven bulletins covering a total of 24 vulnerabilities. Thirteen of this month’s issues are rated ‘Critical’.

Twitter Card Style: 

summary

ms-tuesday-patch-key-concept-colored-light.png

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 24 vulnerabilities. Thirteen of this month’s issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-dec

The following is a breakdown of the issues being addressed this month:

  1. MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Security Feature Bypass (3009712)

    Outlook Web Access Token Spoofing Vulnerability (CVE-2014-6319) MS Rating: Moderate

    A token spoofing vulnerability exists in Exchange Server when Microsoft Outlook Web Access (OWA) fails to properly validate a request token.

    OWA XSS Vulnerability (CVE-2014-6325) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly validate input. An attacker who successfully exploited this vulnerability could run script in the context of the current user.

    OWA XSS Vulnerability (CVE-2014-6326) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly validate input. An attacker who successfully exploited this vulnerability could run script in the context of the current user.

    Exchange URL Redirection Vulnerability (CVE-2014-6336) MS Rating: Important

    A spoofing vulnerability exists in Microsoft Exchange when Microsoft Outlook Web Access (OWA) fails to properly validate redirection tokens.

  2. MS14-080 Cumulative Security Update for Internet Explorer (3008923)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6327) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6329) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6330) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6366) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6369) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6373) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6374) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6375) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6376) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-8966) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    XSS Filter Bypass Vulnerability in Internet Explorer (CVE-2014-6328) MS Rating: Important

    An XSS filter bypass vulnerability exists in the way Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. This vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

    XSS Filter Bypass Vulnerability in Internet Explorer (CVE-2014-6365) MS Rating: Important

    An XSS filter bypass vulnerability exists in the way Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. This vulnerability could allow initially disabled scripts to run in the wrong security context, leading to information disclosure.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6368) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature.

    VBScript Memory Corruption Vulnerability (CVE-2014-6363) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS14-081 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow (3017301)

    Index Remote Code Execution Vulnerability (CVE-2014-6356) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

    Use After Free Word Remote Code Execution Vulnerability (CVE-2014-6357) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

  4. MS14-082 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3017349)

    Microsoft Office Component Use After Free Vulnerability (CVE-2014-6364) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files.

  5. MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

    Global Free Remote Code Execution in Excel Vulnerability (CVE-2014-6360) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

    Excel Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6361) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel does not properly handle objects in memory while parsing specially crafted Office files. System memory may be corrupted in such a way that an attacker could execute arbitrary code.

  6. MS14-084 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

    VBScript Memory Corruption Vulnerability (CVE-2014-6363) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine, when rendered in Internet Explorer, handles objects in memory. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  7. MS14-085 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

    Information Disclosure Vulnerability (CVE-2014-6355) MS Rating: Important

    An information disclosure vulnerability exists in the Microsoft Graphics Component that could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. The vulnerability is caused when the Microsoft Graphics Component improperly handles the decoding of JPEG images in memory. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Microsoft Patch Tuesday – November 2014

      No Comments on Microsoft Patch Tuesday – November 2014
This month the vendor is releasing fourteen bulletins covering a total of 33 vulnerabilities. Fourteen of this month’s issues are rated ’Critical’.

ms-tuesday-patch-key-concept-white-light 2_0.png

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing fourteen bulletins covering a total of 33 vulnerabilities. Fourteen of this month’s issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-nov

The following is a breakdown of the issues being addressed this month:

  1. MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)

    Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

    Windows OLE Remote Code Execution Vulnerability (CVE-2014-6352) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when a user downloads, or receives, and then opens a specially crafted Microsoft Office file that contains OLE objects.

  2. MS14-065 Cumulative Security Update for Internet Explorer (3003057)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-4143) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6343) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6344) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6349) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

    Internet Explorer Elevation of Privilege Vulnerability (CVE-2014-6350) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer does not properly validate permissions under specific conditions. An attacker who successfully exploited this vulnerability could run scripts run with elevated privileges.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6340) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6345) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Cross-domain Information Disclosure Vulnerability (CVE-2014-6346) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly enforce cross-domain policies. An attacker could exploit this issue to gain access to information in another domain or Internet Explorer zone.

    Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer does not properly restrict access to the clipboard of a user who visits a website. The vulnerability could allow data stored on the Windows clipboard to be accessed by a malicious site. An attacker could collect information from the clipboard of a user if that user visits the malicious site.

    Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339) MS Rating: Important

    A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, which could allow an attacker to more reliably predict the memory offsets of specific instructions in a given call stack.

  3. MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

    Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321) MS Rating: Critical

    A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets.

  4. MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)

    MSXML Remote Code Execution Vulnerability (CVE-2014-4118) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft XML Core Services (MSXML) improperly parses XML content, which can corrupt the system state in such a way as to allow an attacker to run arbitrary code. The vulnerability could allow a remote code execution if a user opens a specially crafted file or webpage.

  5. MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)

    Microsoft Office Double Delete Remote Code Execution Vulnerability (CVE-2014-6333) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files.

    Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334) MS Rating: Important

    A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

    Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335) MS Rating: Important

    A remote code execution vulnerability exists in the context of the local user that is caused when Microsoft Word improperly handles objects in memory while parsing specially crafted Office files. This could corrupt system memory in such a way as to allow an attacker to execute arbitrary code.

  6. MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)

    TCP/IP Elevation of Privilege Vulnerability (CVE-2014-4076) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows TCP/IP stack (tcpip.sys, tcpip6.sys) that is caused when the Windows TCP/IP stack fails to properly handle objects in memory during IOCTL processing.

  7. MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)

    Windows Audio Service Vulnerability (CVE-2014-6322) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows audio service component that could be exploited through Internet Explorer. The vulnerability is caused when Internet Explorer does not properly validate permissions under specific conditions, potentially allowing script to be run with elevated privileges.

  8. MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)

    TypeFilterLevel Vulnerability (CVE-2014-4149) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that .NET Framework handles TypeFilterLevel checks for some malformed objects.

  9. MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)

    SharePoint Elevation of Privilege Vulnerability (CVE-2014-4116) MS Rating: Important

    An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize page content in SharePoint lists. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user.

  10. MS14-074 Vulnerability in Remote Desktop Protocol could allow Security Feature Bypass (3003743)

    Remote Desktop Protocol (RDP) Failure to Audit Vulnerability (CVE-2014-6318) MS Rating: Important

    A security feature bypass vulnerability exists in Remote Desktop Protocol (RDP) when RDP does not properly log failed logon attempts. The vulnerability could allow an attacker to bypass the audit logon security feature. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this bypass vulnerability in conjunction with another vulnerability.

  11. MS14-076 Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)

    IIS Security Feature Bypass Vulnerability (CVE-2014-4078) MS Rating: Important

    A security feature bypass vulnerability exists in Internet Information Services (IIS) that is caused when incoming web requests are not properly compared against the ‘IP and domain restriction’ filtering list.

  12. MS14-077 Vulnerability in Active Directory Federation Services could allow Information Disclosure (3003381)

    Active Directory Federation Services Information Disclosure Vulnerability (CVE-2014-6331) MS Rating: Important

    An information disclosure vulnerability exists when Active Directory Federation Services (AD FS) fails to properly log off a user. The vulnerability could allow an unintentional information disclosure.

  13. MS14-078 Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)

    Microsoft IME (Japanese) Elevation of Privilege Vulnerability (CVE-2014-4077) MS Rating: Moderate

    An elevation of privilege vulnerability exists in Microsoft IME for Japanese that is caused when a vulnerable sandboxed application uses Microsoft IME (Japanese).

  14. MS14-079 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)

    Denial of Service in Windows Kernel Mode Driver Vulnerability (CVE-2014-6317) MS Rating: Moderate

    A denial of service vulnerability exists in the Windows kernel-mode driver that is caused by the improper handling of TrueType font objects in memory.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Microsoft Patch Tuesday – October 2014

      No Comments on Microsoft Patch Tuesday – October 2014
This month the vendor is releasing eight bulletins covering a total of 24 vulnerabilities. Thirteen of this month’s issues are rated ’Critical’.

This month the vendor is releasing eight bulletins covering a total of 24 vulnerabilities. Thirteen of this month’s issues are rated ’Critical’.

?????????????Microsoft Patch Tuesday?- 2014 ? 5 ?

今月のマイクロソフトパッチリリースブログをお届けします。今月は、13 件の脆弱性を対象として 8 つのセキュリティ情報がリリースされています。このうち 3 件が「緊急」レベルです。

いつものことですが、ベストプラクティスとして以下のセキュリティ対策を講じることを推奨します。

  • ベンダーのパッチが公開されたら、できるだけ速やかにインストールする。
  • ソフトウェアはすべて、必要な機能を使える最小限の権限で実行する。
  • 未知の、または疑わしいソースからのファイルは扱わない。
  • 整合性が未知の、または疑わしいサイトには絶対にアクセスしない。
  • 特定のアクセスが必要な場合を除いて、ネットワークの周辺部では重要なシステムへの外部からのアクセスを遮断する。

マイクロソフトの 5 月のリリースに関する概要は、次のページで公開されています。
http://technet.microsoft.com/ja-jp/security/bulletin/ms14-may

今月のパッチで対処されている問題の一部について、詳しい情報を以下に示します。

  1. MS14-022 Microsoft SharePoint Server の脆弱性により、リモートでコードが実行される(2952166)

    SharePoint ページコンテンツの脆弱性(CVE-2014-0251)MS の深刻度: 重要

    Microsoft SharePoint Server に複数のリモートコード実行の脆弱性が存在します。認証された攻撃者が、関連するこれらの脆弱性のいずれかの悪用に成功すると、W3WP サービスアカウントのセキュリティコンテキストで任意のコードを実行できる場合があります。

    SharePoint XSS の脆弱性(CVE-2014-1754)MS の深刻度: 緊急

    Microsoft SharePoint Server に特権昇格の脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、クロスサイトスクリプティング攻撃を実行し、ログオンユーザーのセキュリティコンテキストでスクリプトを実行できる場合があります。

    Web Applications ページコンテンツの脆弱性(CVE-2014-1813)MS の深刻度: 重要

    Microsoft Web Applications にリモートコード実行の脆弱性が存在します。認証された攻撃者がこの脆弱性の悪用に成功すると、W3WP サービスアカウントのセキュリティコンテキストで任意のコードを実行できる場合があります。

  2. MS14-023 Microsoft Office の脆弱性により、リモートでコードが実行される(2961037)

    Microsoft Office の中国語文章校正の脆弱性(CVE-2014-1756)MS の深刻度: 重要

    影響を受ける Microsoft Office ソフトウェアがダイナミックリンクライブラリ(.dll)ファイルのロードを処理する方法に、リモートコード実行の脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、影響を受けるシステムを完全に制御できる恐れがあります。攻撃者はその後、プログラムのインストール、データの表示、変更、削除、完全なユーザー権限を持つ新しいアカウントの作成ができる場合があります。システムでのユーザー権限が低い設定のアカウントを持つユーザーは、管理者のユーザー権限で実行しているユーザーよりもこの脆弱性による影響が少ないと考えられます。

    トークン再使用の脆弱性(CVE-2014-1808)MS の深刻度: 重要

    悪質な Web サイト上にホストされている Office ファイルを開こうとしているとき、影響を受ける Microsoft Office ソフトウェアが特別に細工された応答を適切に処理できない場合に、情報漏えいの脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、標的となる Microsoft オンラインサービスで現在のユーザーの認証に使うアクセストークンを確認できる場合があります。

  3. MS14-024 Microsoft コモンコントロールの脆弱性により、セキュリティ機能が回避される(2961033)

    MSCOMCTL ASLR の脆弱性(CVE-2014-1809)MS の深刻度: 重要

    Microsoft Office ソフトウェアによって使用される MSCOMCTL コモンコントロールライブラリが ASLR(Address Space Layout Randomization)を適切に実装していないため、セキュリティ機能回避の脆弱性が存在します。この脆弱性により、攻撃者は広い範囲の脆弱性からユーザーを保護している ASLR セキュリティ機能を回避できるようになります。このセキュリティ機能の回避そのものによって任意のコードが実行されることはありませんが、攻撃者はこの ASLR 回避の脆弱性を、リモートでコード実行の脆弱性など別の脆弱性と組み合わせて使用し、ASLR 回避を利用することで、任意のコードを実行する可能性があります。

  4. MS14-025 グループポリシー基本設定の脆弱性により、特権が昇格される(2962486)

    グループポリシー基本設定のパスワードの特権昇格の脆弱性(CVE-2014-1812)MS の深刻度: 重要

    Active Directory がグループポリシー基本設定を使って構成されているパスワードを配布する方法に、特権昇格の脆弱性が存在します。認証された攻撃者がこの脆弱性の悪用に成功すると、パスワードを解読して利用し、ドメイン上で特権を昇格できる可能性があります。

  5. MS14-026 .NET Framework の脆弱性により、特権が昇格される(2958732)

    TypeFilterLevel の脆弱性(CVE-2014-1806)MS の深刻度: 重要

    .NET Framework が不正な形式の一部のオブジェクトに対して TypeFilterLevel チェックを処理する方法に、特権昇格の脆弱性が存在します。

  6. MS14-027 Windows シェルハンドラの脆弱性により、特権が昇格される(2962488)

    Windows シェルのファイル関連付けの脆弱性(CVE-2014-1807)MS の深刻度: 重要

    Windows シェルがファイルの関連付けを正しく処理しない場合に、特権昇格の脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、Local System アカウントのコンテキストで任意のコードを実行できる場合があります。攻撃者はその後、プログラムのインストール、データの表示、変更、削除、完全な管理者権限を持つ新しいアカウントの作成ができる場合があります。

  7. MS14-028 iSCSI の脆弱性により、サービス拒否が起こる(2962485)

    iSCSI ターゲットのリモートサービス拒否の脆弱性(CVE-2014-0255)MS の深刻度: 重要

    影響を受けるオペレーティングシステムが iSCSI パケットを処理する方法に、サービス拒否の脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、影響を受けるサービスが応答を停止する可能性があります。

    iSCSI ターゲットのリモートサービス拒否の脆弱性(CVE-2014-0256)MS の深刻度: 重要

    影響を受けるオペレーティングシステムが iSCSI 接続を処理する方法に、サービス拒否の脆弱性が存在します。攻撃者がこの脆弱性の悪用に成功すると、影響を受けるサービスが応答を停止する可能性があります。

  8. MS14-029  Internet Explorer 用のセキュリティ更新プログラム(2962482)

    Internet Explorer のメモリ破損の脆弱性(CVE-2014-0310)MS の深刻度: 緊急

    Internet Explorer のメモリ内のオブジェクトへのアクセスが不適切な場合に、リモートコード実行の脆弱性が存在します。この脆弱性によってメモリが破損し、攻撃者が現在のユーザーのコンテキストで任意のコードを実行できる場合があります。

    Internet Explorer のメモリ破損の脆弱性(CVE-2014-1815)MS の深刻度: 緊急

    Internet Explorer のメモリ内のオブジェクトへのアクセスが不適切な場合に、リモートコード実行の脆弱性が存在します。この脆弱性によってメモリが破損し、攻撃者が現在のユーザーのコンテキストで任意のコードを実行できる場合があります。

今月対処されている脆弱性についての詳しい情報は、シマンテックが無償で公開している SecurityFocus ポータルでご覧いただくことができ、製品をご利用のお客様は DeepSight Threat Management System を通じても情報を入手できます。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

Microsoft Patch Tuesday – May 2014

Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 13 vulnerabilities. Three of this month’s issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-may

The following is a breakdown of the issues being addressed this month:

  1. MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

    SharePoint Page Content Vulnerabilities (CVE-2014-0251) MS Rating: Important

    Multiple remote code execution vulnerabilities exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited any of these related vulnerabilities could run arbitrary code in the security context of the W3WP service account.

    SharePoint XSS Vulnerability (CVE-2014-1754) MS Rating: Critical

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

    Web Applications Page Content Vulnerability (CVE-2014-1813) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Web Applications. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the W3WP service account.

  2. MS14-023 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)

    Microsoft Office Chinese Grammar Checking Vulnerability (CVE-2014-1756) MS Rating: Important

    A remote code execution vulnerability exists in the way that the affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Token Reuse Vulnerability (CVE-2014-1808) MS Rating: Important

    An information disclosure vulnerability exists when the affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted Microsoft online service.

  3. MS14-024 Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

    MSCOMCTL ASLR Vulnerability (CVE-2014-1809) MS Rating: Important

    A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

  4. MS14-025 Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

    Group Policy Preferences Password Elevation of Privilege Vulnerability (CVE-2014-1812) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Active Directory distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploited the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

  5. MS14-026 Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

    TypeFilterLevel Vulnerability (CVE-2014-1806) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework handles TypeFilterLevel checks for some malformed objects.

  6. MS14-027 Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

    Windows Shell File Association Vulnerability (CVE-2014-1807) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Shell improperly handles file associations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

  7. MS14-028 Vulnerability in iSCSI Could Allow Denial of Service (2962485)

    iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0255) MS Rating: Important

    A denial of service vulnerability exists in the way that affected operating systems handle iSCSI packets. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

    iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0256) MS Rating: Important

    A denial of service vulnerability exists in the way that affected operating systems handle iSCSI connections. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

  8. MS14-029 Security Security Update for Internet Explorer (2962482)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0310) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-1815) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.