Microsoft Security Bulletin Coverage (October 14, 2014)
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:
MS14-056 Cumulative Security Update for Internet Explorer (2987107)
- CVE-2014-4123 Internet Explorer Elevation of Privilege Vulnerability
Local Elevation of Privilege - CVE-2014-4124 Internet Explorer Elevation of Privilege Vulnerability
Local Elevation of Privilege - CVE-2014-4126 Internet Explorer Memory Corruption Vulnerability
IPS: 5719 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 5” - CVE-2014-4127 Internet Explorer Memory Corruption Vulnerability
IPS: 5752 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 7” - CVE-2014-4128 Internet Explorer Memory Corruption Vulnerability
IPS: 5739 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 6 “ - CVE-2014-4129 Internet Explorer Memory Corruption Vulnerability
IPS: 7454 “HTTP Client Shellcode Exploit 35a “ - CVE-2014-4130 Internet Explorer Memory Corruption Vulnerability
IPS: 5416 “HTTP Client Shellcode Exploit 15a “ - CVE-2014-4132 Internet Explorer Memory Corruption Vulnerability
IPS: 5694 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 2” - CVE-2014-4133 Internet Explorer Memory Corruption Vulnerability
SPY: 1027 “Malformed-File html.MP.48 “ - CVE-2014-4134 Internet Explorer Memory Corruption Vulnerability
SPY: 1051 “Malformed-File html.MP.49 “ - CVE-2014-4137 Internet Explorer Memory Corruption Vulnerability
IPS: 5695 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 3” - CVE-2014-4138 Internet Explorer Memory Corruption Vulnerability
IPS: 5696 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 4” - CVE-2014-4140 Internet Explorer ASLR Bypass Vulnerability
IPS: 5688 “Internet Explorer ASLR Bypass Vulnerability (MS14-056) “ - CVE-2014-4141 Internet Explorer Memory Corruption Vulnerability
IPS: 5690 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 1”
MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- CVE-2014-4073 .NET ClickOnce Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2014-4121 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild. - CVE-2014-4122 .NET ASLR Vulnerability
There are no known exploits in the wild.
MS14-058 Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- CVE-2014-4113 Win32k.sys Elevation of Privilege Vulnerability
There are no known exploits in the wild. - CVE-2014-4148 TrueType Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild.
MS14-059 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- CVE-2014-4075 MVC XSS Vulnerability
There are no known exploits in the wild.
MS14-060 Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- CVE-2014-4114 OLE Remote Code Execution Vulnerability
SPY: 1061 “Malformed-File pps.MP.1 “
MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- CVE-2014-4117 Microsoft Word File Format Vulnerability
There are no known exploits in the wild.
MS14-062 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- CVE-2014-4971 MQAC Arbitrary Write Privilege Escalation Vulnerability
There are no known exploits in the wild.
MS14-063 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- CVE-2014-4115 Windows Disk Partition Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.