New Windows vulnerabilities exploited by cybercriminals

    Yesterday, four 0-day vulnerabilities in Windows alone were disclosed; Microsoft has already closed them in the scheduled Patch Tuesday release. In addition to the previously mentioned Remote Code Execution vulnerability CVE-2014-4114 in the OLE package manager component, one more RCE vulnerability and two Local Privilege Escalation vulnerabilities became known; they are present in the win32k.sys driver and the Internet Explorer browser. Attackers use these vulnerabilities in targeted attacks; they are presented in the table below.



    In total, in this Patch Tuesday release Microsoft closed 24 vulnerabilities in Windows, IE, Office, .NET Framework, and ASP.NET. Eight updates were released for this purpose, three of which are rated Critical and five Important. In addition, the new Internet Explorer 11 security option, called the “ActiveX control blocking feature”, which we wrote about in detail here, has been expanded to block obsolete Silverlight plugins.

    Update MS14-056 fixes 14 vulnerabilities in all supported versions of Internet Explorer 6-11 on all operating systems from Windows Server 2003 to the latest Windows 8.1 & RT. Two of them, CVE-2014-4123 and CVE-2014-4124, are of type Elevation of Privilege and can be used by attackers to bypass the sandbox mode in IE7-11. Vulnerability CVE-2014-4140 allows attackers to bypass ASLR in the context of a running browser tab process. The other vulnerabilities are of the memory-corruption type and allow an attacker to remotely execute code through a specially crafted web page. Critical. Exploitation Detected.

    Update MS14-057 fixes three vulnerabilities in all supported versions of the .NET Framework. Vulnerability CVE-2014-4073 is of type Elevation of Privilege and can be used by attackers to elevate their privileges from Internet Explorer when working with ClickOnce content, i.e. attackers can bypass the browser's sandbox mode when the user activates the corresponding content on the web page. Vulnerability CVE-2014-4121 allows attackers to remotely execute code on a vulnerable system when malicious .NET content (an application) is viewed in a browser. The last vulnerability, CVE-2014-4122, allows attackers to bypass ASLR, which greatly facilitates remote code execution in the browser. Critical. Exploitation Less Likely.

    Update MS14-058 fixes two vulnerabilities in the Win32k.sys driver. See the table above. Critical. Exploitation Detected.

    The MS14-059 update fixes one Security Feature Bypass vulnerability, CVE-2014-4075, in all versions of the ASP.NET MVC framework. The vulnerability allows an attacker to conduct a successful XSS attack on a user by injecting a malicious script into a web page viewed by the user. Important. Exploitation Unlikely.

    The MS14-060 update fixes the known vulnerability CVE-2014-4114 in Windows; see the table above. Important. Exploitation Detected.

    Update MS14-061 fixes vulnerability CVE-2014-4117 in Office. All supported versions of Word 2007-2013 receive the fix. Attackers can remotely execute code through a specially crafted document. Such a document can be sent to the victim as an e-mail attachment. Important. Exploitation More Likely.

    Update MS14-062 fixes one vulnerability, CVE-2014-4971, of type Local Privilege Escalation in the Message Queuing service (MSMQ) on Windows Server 2003. An attacker can elevate their privileges to the system level by sending a special IOCTL request to the Mqac.sys driver, which contains the vulnerability (the fix updates the executable files Spuninst.exe, Mqac.sys and Mqqm.dll). Important. Exploitation More Likely.

    The MS14-063 update fixes one vulnerability, CVE-2014-4115, of type Local Privilege Escalation in the FAT32 file system driver, Fastfat.sys. The vulnerability allows an attacker to overwrite part of a buffer in system memory. An attacker could exploit this vulnerability by connecting a USB device with a partition formatted with the FAT32 file system to the computer. Important. Exploitation Less Likely.

    0 - Exploitation Detected
    The vulnerability is exploited in the wild. That is, it has been established that attackers used an exploit for this vulnerability to successfully attack users. Highest hazard index.

    1 - Exploitation More Likely
    The probability of exploitation is very high; attackers can use an exploit, for example, to remotely execute code.

    2 - Exploitation Less Likely
    The likelihood of exploitation is medium, since attackers are unlikely to achieve reliable exploitation, and because of the technical features of the vulnerability and the complexity of exploit development.

    3 - Exploit code unlikely
    The probability of exploitation is minimal, and attackers are unlikely to be able to develop working exploit code and use this vulnerability to conduct an attack.
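
    A triage sketch for the ratings above (an added example, not part of the original article): it parses one summary line per bulletin and orders patching by exploitability index first and severity second. That ordering is an assumed policy, and the input lines are constructed from the ratings stated in the text.

```python
import re

# Exploitability index labels as used on this page (lower = more urgent).
XI = {"detected": 0, "more likely": 1, "less likely": 2, "unlikely": 3}
SEVERITY = {"critical": 0, "important": 1}

# Constructed input: one line per bulletin, ratings copied from the article.
SUMMARY = """\
MS14-056 Critical. Exploitation Detected.
MS14-057 Critical. Exploitation Less Likely.
MS14-058 Critical. Exploitation Detected.
MS14-059 Important. Exploitation Unlikely.
MS14-060 Important. Exploitation Detected.
MS14-061 Important. Exploitation More Likely.
MS14-062 Important. Exploitation More Likely.
MS14-063 Important. Exploitation Less Likely.
"""

LINE_RE = re.compile(
    r"\b(MS\d{2}-\d{3})\b\W+(critical|important)\W+exploitation\s+"
    r"(detected|more likely|less likely|unlikely)\b",
    re.IGNORECASE,
)

def parse(text):
    """Return (bulletin, severity, xi) tuples; reject lines that do not parse."""
    rows = []
    for line in filter(str.strip, text.splitlines()):
        m = LINE_RE.search(line)
        if m is None:
            raise ValueError(f"unrecognised bulletin line: {line!r}")
        bulletin, severity, label = m.groups()
        rows.append((bulletin.upper(), severity.lower(), XI[label.lower()]))
    return rows

def patch_order(rows):
    """Assumed policy: exploitability index first, then severity, then ID."""
    ranked = sorted(rows, key=lambda r: (r[2], SEVERITY[r[1]], r[0]))
    return [r[0] for r in ranked]

def exploited_in_wild(rows):
    """Bulletins with index 0, i.e. exploitation already detected."""
    return [r[0] for r in rows if r[2] == 0]

if __name__ == "__main__":
    rows = parse(SUMMARY)
    print("in the wild:", exploited_in_wild(rows))
    print("patch order:", patch_order(rows))
```

    Under this policy the Important-rated MS14-060 is scheduled ahead of the Critical-rated MS14-057, because an index of 0 outweighs the severity label.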

    We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).


    Be secure.
