December 10, 2014 at 15:57Microsoft and Adobe Released Update Set, December 2014
Microsoft released the latest planned set of security updates this year. As part of it, 24 vulnerabilities were closed in such products as MS Windows, Internet Explorer, Office, and Exchange Server (three updates with Critical status and four Important). As usual, one of the MS14-080 updates fixes vulnerabilities in Internet Explorer that could be used by cybercriminals to remotely install malicious code into the system. However, within the scope of this patch tuesday, no vulnerabilities were exploited that were used by attackers in real cyber attacks ( exploited ). To use MS14-080, a reboot is required.
Another critical update, MS14-084, fixes memory-corruption vulnerability CVE-2014-6363in the VBScript Scripting Engine (vbscript.dll) component that is used by Internet Explorer to execute VBScript scripts. This year, vbscript.dll has been patched more than once.
The MS14-080 update fixes fourteen vulnerabilities in Internet Explorer, most of which are of the Remote Code Execution type and can be used by attackers to install malware into the system. One of the vulnerabilities CVE-2014-6368 could be used to bypass ASLR in the context of the browser process (Internet Explorer ASLR Bypass Vulnerability).
Update MS14-081fixes two vulnerabilities CVE-2014-6356 (invalid index) and CVE-2014-6357 (use-after-free) in Office 2007-2010-2013 (Word & Web Apps). Both vulnerabilities are of the Remote Code Execution type and can be used by attackers to install malware through a specially crafted Office file. Critical. Exploitation More Likely .
The MS14-082 update fixes the CVE-2014-6364 RCE vulnerability of type use-after-free in MS Office 2007-2010-2013. As in the previous case, attackers can remotely execute malicious code using a specially prepared Office document. Important Exploitation More Likely .
Update MS14-083also fixes vulnerabilities in Office (MS Excel 2007-2010-2013) that could lead to remote code execution. Two vulnerabilities are exposed to correction: CVE-2014-6360 and CVE-2014-6361. Important Exploitation Less Likely .
Update MS14-075fixes four different vulnerabilities in the product MS Exchange Server 2007-2010-2013 and the online access service Outlook Web App (OWA). An Information Disclosure (Outlook Web App Token Spoofing) vulnerability CVE-2014-6319 can be used by attackers to gain unauthorized information from an Exchange server and allow them to send emails on behalf of one of the Exchange Server users. Two other vulnerabilities CVE-2014-6325 and CVE-2014-6326 (Outlook Web App XSS) of the Elevation of Privilege type are also present in the Exchange Server; upon successful exploitation, an attacker can perform a wide range of actions on a user's account, including reading it messages and change access rights. The latest vulnerability CVE-2014-6336 is of type information disclosure. Due to an error in the implementation of the OWA mechanism for working with redirect tokens when redirecting a user to URL links, this can be used by attackers to redirect the user to an arbitrary domain. ImportantExploitation Less Likely .
The MS14-085 update fixes one vulnerability CVE-2014-6355 of type Information Disclosure in the Graphics component (MS Graphics Component - windowscodecs.dll). Using a specially crafted JPEG image file that can be placed on a website, an attacker can find out information about a vulnerable system. This vulnerability can be used in conjunction with other RCE vulnerabilities when attacking Internet Explorer, as it will help attackers bypass ASLR. Important Exploitation Less Likely .
1 - Exploitation More Likely The
probability of exploiting the vulnerability is very high, attackers can use the exploit, for example, to remotely execute code.
2 - Exploitation Less Likely
The likelihood of exploitation is average, since attackers are unlikely to be able to achieve a sustainable exploitation situation, as well as due to the technical features of the vulnerability and the complexity of the exploit development.
3 - Exploit code unlikely The
probability of exploitation is minimal and attackers are unlikely to be able to develop successfully working code and use this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Adobe has also updated its products Flash Player ( APSB14-27 ), Acrobat & Reader ( APSB14-28), as well as ColdFusion ( APSB14-29 ).
As part of APSB14-27, the company fixed six vulnerabilities in its Flash Player. One of the vulnerabilities CVE-2014-9163 was spotted in exploitation by attackers. Most closed vulnerabilities relate to one or another type of memory-corruption and buffer-overflow. They can be used by attackers to remotely execute code on a vulnerable system.
The APSB14-28 update fixes 20 vulnerabilities in Reader & Acrobat. Vulnerabilities can also be used to remotely execute code on a system from attackers. The current versions of these products are listed in the table below.
We also recommend updating your Flash Player. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their versions of Flash Player automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
be secure.
Another critical update, MS14-084, fixes memory-corruption vulnerability CVE-2014-6363in the VBScript Scripting Engine (vbscript.dll) component that is used by Internet Explorer to execute VBScript scripts. This year, vbscript.dll has been patched more than once.
The MS14-080 update fixes fourteen vulnerabilities in Internet Explorer, most of which are of the Remote Code Execution type and can be used by attackers to install malware into the system. One of the vulnerabilities CVE-2014-6368 could be used to bypass ASLR in the context of the browser process (Internet Explorer ASLR Bypass Vulnerability).
Update MS14-081fixes two vulnerabilities CVE-2014-6356 (invalid index) and CVE-2014-6357 (use-after-free) in Office 2007-2010-2013 (Word & Web Apps). Both vulnerabilities are of the Remote Code Execution type and can be used by attackers to install malware through a specially crafted Office file. Critical. Exploitation More Likely .
The MS14-082 update fixes the CVE-2014-6364 RCE vulnerability of type use-after-free in MS Office 2007-2010-2013. As in the previous case, attackers can remotely execute malicious code using a specially prepared Office document. Important Exploitation More Likely .
Update MS14-083also fixes vulnerabilities in Office (MS Excel 2007-2010-2013) that could lead to remote code execution. Two vulnerabilities are exposed to correction: CVE-2014-6360 and CVE-2014-6361. Important Exploitation Less Likely .
Update MS14-075fixes four different vulnerabilities in the product MS Exchange Server 2007-2010-2013 and the online access service Outlook Web App (OWA). An Information Disclosure (Outlook Web App Token Spoofing) vulnerability CVE-2014-6319 can be used by attackers to gain unauthorized information from an Exchange server and allow them to send emails on behalf of one of the Exchange Server users. Two other vulnerabilities CVE-2014-6325 and CVE-2014-6326 (Outlook Web App XSS) of the Elevation of Privilege type are also present in the Exchange Server; upon successful exploitation, an attacker can perform a wide range of actions on a user's account, including reading it messages and change access rights. The latest vulnerability CVE-2014-6336 is of type information disclosure. Due to an error in the implementation of the OWA mechanism for working with redirect tokens when redirecting a user to URL links, this can be used by attackers to redirect the user to an arbitrary domain. ImportantExploitation Less Likely .
The MS14-085 update fixes one vulnerability CVE-2014-6355 of type Information Disclosure in the Graphics component (MS Graphics Component - windowscodecs.dll). Using a specially crafted JPEG image file that can be placed on a website, an attacker can find out information about a vulnerable system. This vulnerability can be used in conjunction with other RCE vulnerabilities when attacking Internet Explorer, as it will help attackers bypass ASLR. Important Exploitation Less Likely .
1 - Exploitation More Likely The
probability of exploiting the vulnerability is very high, attackers can use the exploit, for example, to remotely execute code.
2 - Exploitation Less Likely
The likelihood of exploitation is average, since attackers are unlikely to be able to achieve a sustainable exploitation situation, as well as due to the technical features of the vulnerability and the complexity of the exploit development.
3 - Exploit code unlikely The
probability of exploitation is minimal and attackers are unlikely to be able to develop successfully working code and use this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Adobe has also updated its products Flash Player ( APSB14-27 ), Acrobat & Reader ( APSB14-28), as well as ColdFusion ( APSB14-29 ).
As part of APSB14-27, the company fixed six vulnerabilities in its Flash Player. One of the vulnerabilities CVE-2014-9163 was spotted in exploitation by attackers. Most closed vulnerabilities relate to one or another type of memory-corruption and buffer-overflow. They can be used by attackers to remotely execute code on a vulnerable system.
The APSB14-28 update fixes 20 vulnerabilities in Reader & Acrobat. Vulnerabilities can also be used to remotely execute code on a system from attackers. The current versions of these products are listed in the table below.
We also recommend updating your Flash Player. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their versions of Flash Player automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
be secure.