Microsoft Security Bulletin Coverage (Feb 11, 2014)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2014. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS14-005 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)

  • CVE-2014-0266 MSXML Information Disclosure Vulnerability
    IPS: 5933 Microsoft XML Core Services Information Disclosure (MS14-005)

MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)

  • CVE-2014-0254 TCP/IP Version 6 (IPv6) Denial of Service Vulnerability
    There are no known exploits in the wild.

MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

  • CVE-2014-0263 Microsoft Graphics Component Memory Corruption Vulnerability
    IPS: 5927 Microsoft Graphics Component Memory Corruption (MS14-007)

MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

  • CVE-2014-0294 RCE Vulnerabilities
    There are no known exploits in the wild.

MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)

  • CVE-2014-0253 POST Request DoS Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-0257 Type Traversal Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-0295 VSAVB7RT ASLR Vulnerability
    There are no known exploits in the wild.

MS14-010 Cumulative Security Update for Internet Explorer (2909921)

  • CVE-2014-0268 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-0271 VBScript Memory Corruption Vulnerability
    IPS: 9997 Windows IE VBScript Memory Corruption Vulnerability (MS14-010)
  • CVE-2014-0293 Internet Explorer Cross-domain Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-0267 Internet Explorer Memory Corruption Vulnerability
    IPS: 5707 Windows IE Memory Corruption Vulnerability (MS14-010) 1
  • CVE-2014-0269 Internet Explorer Memory Corruption Vulnerability
    IPS: 5708 Windows IE Memory Corruption Vulnerability (MS14-010) 18
  • CVE-2014-0270 Internet Explorer Memory Corruption Vulnerability
    IPS: 5709 Windows IE Memory Corruption Vulnerability (MS14-010) 19
  • CVE-2014-0272 Internet Explorer Memory Corruption Vulnerability
    IPS: 7633 HTTP Client Shellcode Exploit 80
  • CVE-2014-0273 Internet Explorer Memory Corruption Vulnerability
    IPS: 9998 Windows IE Memory Corruption Vulnerability (MS14-010) 2
  • CVE-2014-0274 Internet Explorer Memory Corruption Vulnerability
    IPS: 5734 Windows IE Memory Corruption Vulnerability (MS14-010) 3
  • CVE-2014-0275 Internet Explorer Memory Corruption Vulnerability
    IPS: 5774 Windows IE Memory Corruption Vulnerability (MS14-010) 7
  • CVE-2014-0276 Internet Explorer Memory Corruption Vulnerability
    IPS: 5747 Windows IE Memory Corruption Vulnerability (MS14-010) 4
  • CVE-2014-0277 Internet Explorer Memory Corruption Vulnerability
    IPS: 5781 Windows IE Memory Corruption Vulnerability (MS14-010) 8
  • CVE-2014-0278 Internet Explorer Memory Corruption Vulnerability
    IPS: 5782 Windows IE Memory Corruption Vulnerability (MS14-010) 9
  • CVE-2014-0279 Internet Explorer Memory Corruption Vulnerability
    IPS: 5795 Windows IE Memory Corruption Vulnerability (MS14-010) 11
  • CVE-2014-0280 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-0281 Internet Explorer Memory Corruption Vulnerability
    IPS: 5914 Windows IE Memory Corruption Vulnerability (MS14-010) 14
  • CVE-2014-0283 Internet Explorer Memory Corruption Vulnerability
    IPS: 5920 Windows IE Memory Corruption Vulnerability (MS14-010) 15
  • CVE-2014-0284 Internet Explorer Memory Corruption Vulnerability
    IPS: 5805 Windows IE Memory Corruption Vulnerability (MS14-010) 12
  • CVE-2014-0285 Internet Explorer Memory Corruption Vulnerability
    IPS: 5925 Windows IE Memory Corruption Vulnerability (MS14-010) 16
  • CVE-2014-0286 Internet Explorer Memory Corruption Vulnerability
    IPS: 5894 Windows IE Memory Corruption Vulnerability (MS14-010) 13
  • CVE-2014-0287 Internet Explorer Memory Corruption Vulnerability
    IPS: 5926 Windows IE Memory Corruption Vulnerability (MS14-010) 17
  • CVE-2014-0288 Internet Explorer Memory Corruption Vulnerability
    IPS: 5793 Windows IE Memory Corruption Vulnerability (MS14-010) 10
  • CVE-2014-0289 Internet Explorer Memory Corruption Vulnerability
    IPS: 5764 Windows IE Memory Corruption Vulnerability (MS14-010) 6
  • CVE-2014-0290 Internet Explorer Memory Corruption Vulnerability
    IPS: 5748 Windows IE Memory Corruption Vulnerability (MS14-010) 5

MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

  • CVE-2014-0271 VBScript Memory Corruption Vulnerability
    IPS: 9997 Windows IE VBScript Memory Corruption Vulnerability (MS14-010)
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.