Posts

Microsoft Security Bulletin Coverage (December 09, 2014)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS14-075 Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)

  • CVE-2014-6319 Outlook Web Access Token Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2014-6325 OWA XSS Vulnerability
    IPS: 6098 “Cross-Site Scripting (XSS) Attack 48”
  • CVE-2014-6326 OWA XSS Vulnerability
    IPS: 6107 “Cross-Site Scripting (XSS) Attack 49”
  • CVE-2014-6336 Exchange URL Redirection Vulnerability
    IPS: 6099 “Microsoft Exchange URL Redirection Vulnerability”

MS14-080 Cumulative Security Update for Internet Explorer (3008923)

  • CVE-2014-6327 Internet Explorer Memory Corruption Vulnerability
    IPS: 6097 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 3”
  • CVE-2014-6328 Internet Explorer XSS Filter Bypass Vulnerability
    IPS: 6105 “Internet Explorer XSS Filter Bypass Vulnerability “
  • CVE-2014-6329 Internet Explorer Memory Corruption Vulnerability
    IPS: 3552 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 2”
  • CVE-2014-6330 Internet Explorer Memory Corruption Vulnerability
    IPS: 6518 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 1 “
  • CVE-2014-6363 VBScript Memory Corruption Vulnerability
    IPS: 5665 “Internet Explorer VBScript Memory Corruption Vulnerability (MS14-080)”
  • CVE-2014-6365 Internet Explorer XSS Filter Bypass Vulnerability
    SPY: 3253 “Malformed-File html.MP.52”
  • CVE-2014-6366 Internet Explorer Memory Corruption Vulnerability
    SPY: 3254 “Malformed-File html.MP.54”
  • CVE-2014-6368 Internet Explorer ASLR Bypass Vulnerability
    IPS: 6093 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 4 “
  • CVE-2014-6369 Internet Explorer Memory Corruption Vulnerability
    IPS: 6094 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 5”
  • CVE-2014-6373 Internet Explorer Memory Corruption Vulnerability
    SPY: 3258 “Malformed-File html.MP.56”
  • CVE-2014-6374 Internet Explorer Memory Corruption Vulnerability
    SPY: 3259 “Malformed-File html.MP.57”
  • CVE-2014-6375 Internet Explorer Memory Corruption Vulnerability
    IPS: 6106 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 7”
  • CVE-2014-6376 Internet Explorer Memory Corruption Vulnerability
    SPY: 3260 ” Malformed-File html.MP.58″
  • CVE-2014-8966 Internet Explorer Memory Corruption Vulnerability
    IPS: 6095 “Internet Explorer Memory Corruption Vulnerability (MS14-080) 6”

MS14-081 Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)

  • CVE-2014-6356 Index Remote Code Execution Vulnerability
    SPY: 3262 “Malformed-File doc.MP.19”
  • CVE-2014-6357 Use After Free Word Remote Code Execution Vulnerability
    SPY: 3263 “Malformed-File rtf.MP.5_2”

MS14-082 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)

  • CVE-2014-6364 Microsoft Office Component Use After Free Vulnerability
    SPY: 3264 “Malformed-File doc.MP.20”

MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)

  • CVE-2014-6360 Global Free Remote Code Execution in Excel Vulnerability
    SPY: 3265 “Malformed-File xls.MP.43 “
  • CVE-2014-6361 Excel Invalid Pointer Remote Code Execution Vulnerability
    SPY: 3266 “Malformed-File xls.MP.44 “

MS14-084 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)

  • CVE-2014-6363 VBScript Memory Corruption Vulnerability
    IPS: 5665 “Internet Explorer VBScript Memory Corruption Vulnerability (MS14-080)”

MS14-085 Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)

  • CVE-2014-6355 Information Disclosure Vulnerability
    SPY: 3261 “Malformed-File html.MP.59”

3266