Adobe Flash Update

Published: 2014-11-11. Last Updated: 2014-11-11 19:51:11 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Adobe today released a patch for Flash/Adobe Air which fixes 18 different vulnerabilities [1]. The Flash update is rated with a priority of "1" for Windows and OS X, indicating that limited exploitation has been observed. Please consult the advisory for details.

[1] http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: adobe flash patch
0 comment(s)

Microsoft November 2014 Patch Tuesday

Published: 2014-11-11. Last Updated: 2014-11-11 19:07:37 UTC
by Johannes Ullrich (Version: 1)
6 comment(s)

Important: Please note that Microsoft released EMET 5.1 yesterday to address conflicts between EMET 5.0 / IE 11 and the patches released here (likely MS14-065)

We are aware that bulletin numbers are skipped below. Not sure if they will come later. It is possible that I used a version of the bulletin page that wasn't quite ready yet. I will update this page as needed.

Overview of the November 2014 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS14-064 Vulnerabilities in Windows OLE Could Allow Remote Code Execution
(ReplacesMS11-038 MS14-060 )
Microsoft Windows

CVE-2014-6332
CVE-2014-6352
KB 3011443 This fixes the OLE/PPT vuln that has been exploited and was partially fixed by MS14-060. Severity:Critical
Exploitability: 1
Critical Important
MS14-065 Cumulative Security Update for Internet Explorer
(ReplacesMS14-056 )
Microsoft Windows, Internet Explorer
, CVE-2014-4143, CVE-2014-6323, CVE-2014-6337, CVE-2014-6339, CVE-2014-6340, CVE-2014-6341, CVE-2014-6342, CVE-2014-6343, CVE-2014-6344, CVE-2014-6345, CVE-2014-6346, CVE-2014-6347, CVE-2014-6348, CVE-2014-6349, CVE-2014-6350, CVE-2014-6351, CVE-2014-6353
KB 3003057   Severity:Critical
Exploitability: 1
Critical Important
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution
(ReplacesMS10-085 MS12-049 )
Microsoft Windows

CVE-2014-6321
KB 2992611   Severity:Critical
Exploitability: 1
Important Critical
MS14-067 Vulnerability in XML Core Services Could Allow Remote Code Execution
(ReplacesMS14-005 MS14-033 )
Microsoft Windows

CVE-2014-4118
KB 2993958 . Severity:Critical
Exploitability: 2
Critical Critical
MS14-069 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
(ReplacesMS14-017 MS14-061 )
Microsoft Office

CVE-2014-6333
CVE-2014-6334
CVE-2014-6335
KB 3009710   Severity:Important
Exploitability: 1
Critical Important
MS14-070 Vulnerability in TCP/IP Could Allow Elevation of Privilege
(ReplacesMS09-048 )
Microsoft Windows

CVE-2014-4076
KB 2989935 vuln. publicly known Severity:Important
Exploitability: 2
Important Important
MS14-071 Vulnerability in Windows Audio Service Could Allow Elevation of Privilege
Microsoft Windows

CVE-2014-6322
KB 3005607   Severity:Important
Exploitability: 2
Important Important
MS14-072 Vulnerability in .NET Framework Could Allow Elevation of Privilege
(ReplacesMS14-026 )
Microsoft Windows, Microsoft .NET Framework

CVE-2014-4149
KB 3005210   Severity:Important
Exploitability: 2
Important Important
MS14-073 Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege
(ReplacesMS13-084 )
Microsoft Server Software

CVE-2014-4116
KB 3000431   Severity:Important
Exploitability: 2
Important Important
MS14-074 Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass
(ReplacesMS10-085 MS14-030 )
Microsoft Windows

CVE-2014-6318
KB 3003743   Severity:Important
Exploitability: 3
Important Important
MS14-076 Vulnerability in Internet Information Services
Microsoft Windows

CVE-2014-4078
KB 2982998   Severity:Important
Exploitability: 3
Important Important
MS14-077 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
Microsoft Windows

CVE-2014-6331
KB 3003381   Severity:Important
Exploitability: 3
Important Important
MS14-078 Vulnerability in IME
Microsoft Windows,Microsoft Office

CVE-2014-4077
KB 3005210 already exploited Severity:Moderate
Exploitability: 0
Important Moderate
MS14-079 Vulnerability in Kernel Mode Driver Could Allow Denial of Service
(ReplacesMS14-058 )
Microsoft Windows

CVE-2014-6317
KB 3002885   Severity:Moderate
Exploitability: 3
Moderate Moderate
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

       

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: mspatchday
6 comment(s)

Important EMET 5.1 Update. Apply before Patches today

Published: 2014-11-11. Last Updated: 2014-11-11 14:43:37 UTC
by Johannes Ullrich (Version: 1)
2 comment(s)

Microsoft yesterday release EMET 5.1 . One particular sentence in Microsoft's blog post suggests that you should apply this update (if you are using EMET) BEFORE you apply the Interent Explorer patch Microsoft is going to release in a couple of hours:

"If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation."

For full details, and features added in EMET 5.1, see Microsoft's blog post [1]

[1] http://blogs.technet.com/b/srd/archive/2014/11/10/emet-5-1-is-available.aspx

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
2 comment(s)
ISC StormCast for Tuesday, November 11th 2014 http://isc.sans.edu/podcastdetail.html?id=4231

Comments


Diary Archives