Microsoft Security Bulletin Coverage (August 12, 2014)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)

  • CVE-2014-4060 CSyncBasePlayer Use After Free Vulnerability
    There are no known exploits in the wild.

MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)

  • CVE-2014-1820 SQL Master Data Services XSS Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4061 Microsoft SQL Server Stack Overrun Vulnerability
    There are no known exploits in the wild.

MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

  • CVE-2014-0318 Win32k Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-1819 Font Double-Fetch Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4064 Windows Kernel Pool Allocation Vulnerability
    There are no known exploits in the wild.

MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)

  • CVE-2014-4062 .NET ASLR Vulnerability
    There are no known exploits in the wild.

MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)

  • CVE-2014-0316 LRPC ASLR Bypass Vulnerability
    There are no known exploits in the wild.

MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)

  • CVE-2014-2815 OneNote Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)

  • CVE-2014-1814 Windows Installer Repair Vulnerability
    There are no known exploits in the wild.

MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)

  • CVE-2014-2816 SharePoint Page Content Vulnerability
    There are no known exploits in the wild.

MS14-051 Microsoft Security Bulletin MS14-051 – Critical

  • CVE-2014-2774 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2784 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2796 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2808 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2810 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2811 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2817 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2818 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2819 Internet Explorer Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2820 Internet Explorer Memory Corruption Vulnerability
    IPS: 4841 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 1”
  • CVE-2014-2821 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2822 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2823 Internet Explorer Memory Corruption Vulnerability
    IPS: 4846 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 2”
  • CVE-2014-2824 Internet Explorer Memory Corruption Vulnerability
    IPS: 4860 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 3”

  • CVE-2014-2825 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2826 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-2827 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4050 Internet Explorer Memory Corruption Vulnerability
    IPS: 4862 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 4”
  • CVE-2014-4051 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4052 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4055 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4056 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4057 Internet Explorer Memory Corruption Vulnerability
    IPS: 4864 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 5”
  • CVE-2014-4058 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4063 Internet Explorer Memory Corruption Vulnerability
    IPS: 4927 “Internet Explorer Memory Corruption Vulnerability (MS14-051) 6”
  • CVE-2014-4067 Internet Explorer Memory Corruption Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.