Posts

Microsoft Security Bulletin Coverage (October 14, 2014)

/in /by

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of October, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS14-056 Cumulative Security Update for Internet Explorer (2987107)

  • CVE-2014-4123 Internet Explorer Elevation of Privilege Vulnerability
    Local Elevation of Privilege
  • CVE-2014-4124 Internet Explorer Elevation of Privilege Vulnerability
    Local Elevation of Privilege
  • CVE-2014-4126 Internet Explorer Memory Corruption Vulnerability
    IPS: 5719 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 5”
  • CVE-2014-4127 Internet Explorer Memory Corruption Vulnerability
    IPS: 5752 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 7”
  • CVE-2014-4128 Internet Explorer Memory Corruption Vulnerability
    IPS: 5739 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 6 “
  • CVE-2014-4129 Internet Explorer Memory Corruption Vulnerability
    IPS: 7454 “HTTP Client Shellcode Exploit 35a “
  • CVE-2014-4130 Internet Explorer Memory Corruption Vulnerability
    IPS: 5416 “HTTP Client Shellcode Exploit 15a “
  • CVE-2014-4132 Internet Explorer Memory Corruption Vulnerability
    IPS: 5694 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 2”
  • CVE-2014-4133 Internet Explorer Memory Corruption Vulnerability
    SPY: 1027 “Malformed-File html.MP.48 “
  • CVE-2014-4134 Internet Explorer Memory Corruption Vulnerability
    SPY: 1051 “Malformed-File html.MP.49 “
  • CVE-2014-4137 Internet Explorer Memory Corruption Vulnerability
    IPS: 5695 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 3”
  • CVE-2014-4138 Internet Explorer Memory Corruption Vulnerability
    IPS: 5696 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 4”
  • CVE-2014-4140 Internet Explorer ASLR Bypass Vulnerability
    IPS: 5688 “Internet Explorer ASLR Bypass Vulnerability (MS14-056) “
  • CVE-2014-4141 Internet Explorer Memory Corruption Vulnerability
    IPS: 5690 “Internet Explorer Memory Corruption Vulnerability (MS14-056) 1”

MS14-057 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)

  • CVE-2014-4073 .NET ClickOnce Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4121 .NET Framework Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4122 .NET ASLR Vulnerability
    There are no known exploits in the wild.

MS14-058 Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)

  • CVE-2014-4113 Win32k.sys Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-4148 TrueType Font Parsing Remote Code Execution Vulnerability
    There are no known exploits in the wild.

MS14-059 Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

  • CVE-2014-4075 MVC XSS Vulnerability
    There are no known exploits in the wild.

MS14-060 Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)

  • CVE-2014-4114 OLE Remote Code Execution Vulnerability
    SPY: 1061 “Malformed-File pps.MP.1 “

MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)

  • CVE-2014-4117 Microsoft Word File Format Vulnerability
    There are no known exploits in the wild.

MS14-062 Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)

  • CVE-2014-4971 MQAC Arbitrary Write Privilege Escalation Vulnerability
    There are no known exploits in the wild.

MS14-063 Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)

  • CVE-2014-4115 Windows Disk Partition Driver Elevation of Privilege Vulnerability
    There are no known exploits in the wild.