Number: IRCNE2014082290
Date: 2014-08-12
According to “zdnet”, Microsoft has released security updates for Windows, OneNote 2007, SQL Server 2008 and above, SharePoint Server 2013 and Windows Media Center TV Pack.
The updates and the vulnerabilities they address are described in nine bulletins. Most (26) of the vulnerabilities are memory corruption vulnerabilities fixed in a Cumulative Update for Internet Explorer. All of these bugs are critical security vulnerabilities and all are exploitable, some only on older versions of Windows. One of the vulnerabilities has already been publicly disclosed and another is being exploited in the wild in limited attacks. The bulletins:
- MS14-051: Cumulative Security Update for Internet Explorer (2976627) — This update constitutes the bulk of this Patch Tuesday. Twenty-six vulnerabilities are all rated critical on Windows clients and moderate on Windows servers. Microsoft has fixed a large number of these Internet Explorer memory corruption vulnerabilities lately.
- MS14-043: Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) — Only certain versions of Windows 7 and Windows 8.x are affected. See the bulletin for details.
- MS14-044: Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) — All versions since SQL Server 2008 are affected.
- MS14-045: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615) — All versions of Windows are affected by three vulnerabilities that could result in elevation of privilege or Information Disclosure.
- MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625).Nearly all versions of Windows are affected.
- MS14-047: Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) — A vulnerability in the handling of malformed RPC messages.
- MS14-048: Vulnerability in OneNote Could Allow Remote Code Execution (2977201).
- MS14-049: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490).
- MS14-050: Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) .
Today Microsoft is also adding the ability to block old ActiveX controls to the Windows Update process. Initially, this feature will be used to block old versions of Java.
A new version of the Windows Malicious Software Removal Tool is also released today.
Finally, Microsoft has released a series of non-security updates. The details on many of them are not yet available.
- 3