Number: IRCNE2014092311
Date: 2014/09/10
According to “zdnet”, Microsoft has released four security bulletins and updates to address them. A total of 42 vulnerabilities are addressed in these updates.
- MS14-052: Cumulative Security Update for Internet Explorer (2977629) — This update fixes 37 vulnerabilities, one of them publicly-disclosed back in February. The other 36 are all memory corruption vulnerabilities. The worst of them could allow an attacker to run code on the user's system in the context of the user. All versions of Windows other than the Server Core versions are affected by these bugs.
- MS14-053: Vulnerability in .NET Framework Could Allow Denial of Service (2990931) — This is a single vulnerability which affects all current versions of the Microsoft .NET Framework except version 3.5 Service Pack 1. All versions of Windows, including the Server Core versions except for the non-R2 versions of Windows Server 2008 are affected by this vulnerability.
- MS14-054: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (2988948) — An attacker who logged on to the system and ran a malicious program could elevate privilege to that of the local system account. This single vulnerability affects only the current generations of Windows: Windows RT, Windows 8.x and Windows Server 2012 and Windows Server 2012 R2, including Server Core.
- MS14-055: Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) — An attacker who sends a specially-crafted request to Microsoft Lync Server 2010 or 2013 could cause a denial of service in the server.
At the same time, Microsoft has released 11 non-security updates and a new version of the Windows Malicious Software Removal Tool.
- 2