Security News

Microsoft Security Bulletin Coverage (October 14, 2014)

By

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS14-056 Cumulative Security Update for Internet Explorer (2987107)

  • CVE-2014-4123 Internet Explorer Elevation of Privilege Vulnerability
    Local Elevation of Privilege
  • CVE-2014-4124 Internet Explorer Elevation of Privilege Vulnerability
    Local Elevation of Privilege
  • CVE-2014-4126 Internet Explorer Memory Corruption Vulnerability
    IPS: 5719 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 5”
  • CVE-2014-4127 Internet Explorer Memory Corruption Vulnerability
    IPS: 5752 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 7”
  • CVE-2014-4128 Internet Explorer Memory Corruption Vulnerability
    IPS: 5739 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 6 “
  • CVE-2014-4129 Internet Explorer Memory Corruption Vulnerability
    IPS: 7454 “HTTP Client Shellcode Exploit 35a “
  • CVE-2014-4130 Internet Explorer Memory Corruption Vulnerability
    IPS: 5416 “HTTP Client Shellcode Exploit 15a “
  • CVE-2014-4132 Internet Explorer Memory Corruption Vulnerability
    IPS: 5694 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 2”
  • CVE-2014-4133 Internet Explorer Memory Corruption Vulnerability
    SPY: 1027 “Malformed-File html.MP.48 “
  • CVE-2014-4134 Internet Explorer Memory Corruption Vulnerability
    SPY: 1051 “Malformed-File html.MP.49 “
  • CVE-2014-4137 Internet Explorer Memory Corruption Vulnerability
    IPS: 5695 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 3”
  • CVE-2014-4138 Internet Explorer Memory Corruption Vulnerability
    IPS: 5696 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 4”
  • CVE-2014-4140 Internet Explorer ASLR Bypass Vulnerability
    IPS: 5688 “Internet Explorer ASLR Bypass Vulnerability (MS14-056) “
  • CVE-2014-4141 Internet Explorer Memory Corruption Vulnerability
    IPS: 5690 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 1”

MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

  • CVE-2014-4073 .NET ClickOnce Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4121 .NET Framework Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4122 .NET ASLR Vulnerability
    There are no known exploits in the wild.

MS14-058 Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)

  • CVE-2014-4113 Win32k.sys Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4148 TrueType Font Parsing Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS14-059 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

  • CVE-2014-4075 MVC XSS Vulnerability
    There are no known exploits in the wild.

MS14-060 Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)

  • CVE-2014-4114 OLE Remote Code Execution Vulnerability
    SPY: 1061 “Malformed-File pps.MP.1 “

MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

  • CVE-2014-4117 Microsoft Word File Format Vulnerability
    There are no known exploits in the wild.

MS14-062 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)

  • CVE-2014-4971 MQAC Arbitrary Write Privilege Escalation Vulnerability
    There are no known exploits in the wild.

MS14-063 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

  • CVE-2014-4115 Windows Disk Partition Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
New variant of the shellcode malware GuLoader spotted in the wild
Apache Airflow DAG Injection Vulnerability
New LockXX Ransomware Targets Users Who Speak Standard Chinese, English
A multifunction trojan targeting Linux hosts has been seen in the wild
ProFTPD SQL Injection Vulnerability (Feb 20, 2009)
NTP Daemon decodearr Function Buffer Overflow
The holiday season has passed (Feb 03, 2011)
Microsoft Security Bulletin Coverage (Jun 12, 2012)