April 8, 2014 at 22:27Microsoft released a set of updates, April 2014
The company has released a series of updates for its products that fix 11 unique vulnerabilities in Microsoft Windows, Internet Explorer, and Office products. All fixes close vulnerabilities like Remote Code Execution , two of them have the status Critical and two more Important. The MS14-017 update closes the well-known vulnerability CVE-2014-1761 in all supported versions of MS Word 2003-2013. We wrote earlier that attackers used an exploit for this vulnerability to attack MS Word 2010 users who use the insecure mscomctl.ocx library compiled without ASLR support. Word 2013 users are protected from such “Security Feature Bypass” vulnerabilities because Microsoft supports this product.forced inclusion of ASLR for all modules loaded into memory (enforce ASLR randomization natively).
This patch tuesday also contains the MS14-018 update for all versions of Internet Explorer 6-11 on all operating systems from Windows XP to Windows 8 / 8.1. Attackers can take advantage of a specially prepared web page for remote code execution in a browser (drive-by download). The update fixes six memory-corruption vulnerabilities in IE. To apply the fixes you need a reboot. This is the latest patch tuesday, in which the company releases updates for Windows XP and MS Office 2003.
Update MS14-017closes three vulnerabilities in all versions of Office: CVE-2014-1757, CVE-2014-1758, CVE-2014-1761. The first vulnerability is present in the Office File Format Converter component; attackers can prepare a special document through which code can be executed on a remote system. Using the second RCE stack-overflow vulnerability in Word 2003, attackers could also execute remote code on the system. The vulnerability is exploited in-the-wild .
The MS14-019 update fixes one Remote Code Execution vulnerability CVE-2014-0315 in the Windows File Handling component on all Windows XP - 8 / 8.1 operating systems. Vulnerability exists in the mechanism of processing batch .bat and .cmd files. Attackers can provoke remote code execution when opening a certain file of this type over the network by substituting cmd.exe for their copy of the file (CMD hijack) in the current directory (CWD). When CreateProcess executes such files, it can invoke the cmd interpreter from the CWD directory, that is, a spoofed file. Exploit code likely .
The MS14-020 update closes one arbitrary-pointer-dereference vulnerability CVE-2014-1759 in MS Publisher 2003 and 2007. Attackers can provoke remote code execution using a specially prepared file for Publisher. Exploit code likely .
1 - Exploit code likely
The probability of exploiting the vulnerability is very high, attackers can use the exploit, for example, to remotely execute code.
2 - Exploit code would be difficult to build The
likelihood of exploitation is medium, since attackers are unlikely to achieve a sustainable exploitation situation, as well as due to the technical features of the vulnerability and complexity of the exploit development.
3 - Exploit code unlikely The
probability of exploitation is minimal and attackers are unlikely to be able to develop successfully working code and use this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
This patch tuesday also contains the MS14-018 update for all versions of Internet Explorer 6-11 on all operating systems from Windows XP to Windows 8 / 8.1. Attackers can take advantage of a specially prepared web page for remote code execution in a browser (drive-by download). The update fixes six memory-corruption vulnerabilities in IE. To apply the fixes you need a reboot. This is the latest patch tuesday, in which the company releases updates for Windows XP and MS Office 2003.
Update MS14-017closes three vulnerabilities in all versions of Office: CVE-2014-1757, CVE-2014-1758, CVE-2014-1761. The first vulnerability is present in the Office File Format Converter component; attackers can prepare a special document through which code can be executed on a remote system. Using the second RCE stack-overflow vulnerability in Word 2003, attackers could also execute remote code on the system. The vulnerability is exploited in-the-wild .
The MS14-019 update fixes one Remote Code Execution vulnerability CVE-2014-0315 in the Windows File Handling component on all Windows XP - 8 / 8.1 operating systems. Vulnerability exists in the mechanism of processing batch .bat and .cmd files. Attackers can provoke remote code execution when opening a certain file of this type over the network by substituting cmd.exe for their copy of the file (CMD hijack) in the current directory (CWD). When CreateProcess executes such files, it can invoke the cmd interpreter from the CWD directory, that is, a spoofed file. Exploit code likely .
The MS14-020 update closes one arbitrary-pointer-dereference vulnerability CVE-2014-1759 in MS Publisher 2003 and 2007. Attackers can provoke remote code execution using a specially prepared file for Publisher. Exploit code likely .
1 - Exploit code likely
The probability of exploiting the vulnerability is very high, attackers can use the exploit, for example, to remotely execute code.
2 - Exploit code would be difficult to build The
likelihood of exploitation is medium, since attackers are unlikely to achieve a sustainable exploitation situation, as well as due to the technical features of the vulnerability and complexity of the exploit development.
3 - Exploit code unlikely The
probability of exploitation is minimal and attackers are unlikely to be able to develop successfully working code and use this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.