Microsoft Patch Tuesday – May 2014

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 13 vulnerabilities. Three of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-may

The following is a breakdown of the issues being addressed this month:

  1. MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

    SharePoint Page Content Vulnerabilities (CVE-2014-0251) MS Rating: Important

    Multiple remote code execution vulnerabilities exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited any of these related vulnerabilities could run arbitrary code in the security context of the W3WP service account.

    SharePoint XSS Vulnerability (CVE-2014-1754) MS Rating: Critical

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to perform cross-site scripting attacks and run script in the security context of the logged-on user.

    Web Applications Page Content Vulnerability (CVE-2014-1813) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Web Applications. An authenticated attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the W3WP service account.

  2. MS14-023 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2961037)

    Microsoft Office Chinese Grammar Checking Vulnerability (CVE-2014-1756) MS Rating: Important

    A remote code execution vulnerability exists in the way that the affected Microsoft Office software handles the loading of dynamic-link library (.dll) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Token Reuse Vulnerability (CVE-2014-1808) MS Rating: Important

    An information disclosure vulnerability exists when the affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted Microsoft online service.

  3. MS14-024 Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

    MSCOMCTL ASLR Vulnerability (CVE-2014-1809) MS Rating: Important

    A security feature bypass vulnerability exists because the MSCOMCTL common controls library used by Microsoft Office software does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow an arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

  4. MS14-025 Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

    Group Policy Preferences Password Elevation of Privilege Vulnerability (CVE-2014-1812) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Active Directory distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploited the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

  5. MS14-026 Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

    TypeFilterLevel Vulnerability (CVE-2014-1806) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework handles TypeFilterLevel checks for some malformed objects.

  6. MS14-027 Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

    Windows Shell File Association Vulnerability (CVE-2014-1807) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Shell improperly handles file associations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Local System account. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

  7. MS14-028 Vulnerability in iSCSI Could Allow Denial of Service (2962485)

    iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0255) MS Rating: Important

    A denial of service vulnerability exists in the way that affected operating systems handle iSCSI packets. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

    iSCSI Target Remote Denial of Service Vulnerability (CVE-2014-0256) MS Rating: Important

    A denial of service vulnerability exists in the way that affected operating systems handle iSCSI connections. An attacker who successfully exploited the vulnerability could cause the affected service or services to stop responding.

  8. MS14-029 Security Security Update for Internet Explorer (2962482)

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-0310) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2014-1815) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.