Beyondtrust

BeyondTrust Patch Tuesday

April 08, 2014

Microsoft Patch Tuesday

This month, Microsoft released four patches that repair a total of 11 vulnerabilities. All of the vulnerabilities this month are remote code execution vulnerabilities.

Administrators are advised to patch MS14-017 and MS14-018 immediately to prevent exploitation by attackers. Next, administrators should patch MS14-019 as soon as possible. Lastly, administrators should patch MS14-020 at their earliest convenience.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: BeyondTrust Research Team
  • Date/Time: Wednesday, April 9, 2014 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS14-017

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution


Microsoft Rating: Critical

CVE List: CVE-2014-1757, CVE-2014-1758, and CVE-2014-1761

Analysis:

This bulletin addresses three remote code execution vulnerabilities in Microsoft Word and Office Web Apps: one was publicly disclosed and two were privately disclosed. The patch fixes various memory corruptions that occur when parsing Office files. An attacker who successfully exploited one of these vulnerabilities would gain user-level access to the target machine. Targeted attacks have been observed exploiting CVE-2014-1761.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be deployed, install the Microsoft Fix it solution for CVE-2014-1761. Additionally, configure MOICE to be the handler for .doc files and use the Microsoft Office File Block policy to prevent the opening of .rtf and .doc Office formats.

MS14-018

Cumulative Security Update for Internet Explorer


Microsoft Rating: Critical

CVE List: CVE-2014-0235, CVE-2014-1751, CVE-2014-1752, CVE-2014-1753, CVE-2014-1755, and CVE-2014-1760

Analysis:

This bulletin addresses six privately reported remote code execution vulnerabilities in Internet Explorer. The patch fixes how specially crafted web pages are parsed. An attacker who successfully exploited one of these vulnerabilities would gain user-level access to the target machine.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.
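
A read-only way to check whether this interim mitigation is in place for the current user, as an added example that is not part of the original advisory. The registry paths, zone numbers (1 = Local intranet, 3 = Internet) and URL action IDs (1200, 1400) are standard Internet Explorer values rather than values from the bulletin, and the lookup order across registry locations is a simplifying assumption.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Zone numbers and URL action IDs are standard Internet Explorer values.
$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$States  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Assumption: locations are checked in this order and the first one that
# defines the value wins (machine policy, user policy, user's own setting).
$Suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Roots  = @(
    "HKLM:\SOFTWARE\Policies\$Suffix",
    "HKCU:\Software\Policies\$Suffix",
    "HKCU:\Software\$Suffix"
)

function Get-ZoneActionValue {
    param([int]$Zone, [string]$Action)
    foreach ($root in $Roots) {
        $key   = Join-Path $root "$Zone"
        $props = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            return [pscustomobject]@{ Value = [int]$props.$Action; Source = $key }
        }
    }
    return $null  # value not defined in any location checked
}

$report = foreach ($zone in $Zones.Keys) {
    foreach ($action in $Actions.Keys) {
        $hit = Get-ZoneActionValue -Zone $zone -Action $action
        $state = if ($null -eq $hit) {
            'Not set'
        } elseif ($States.ContainsKey($hit.Value)) {
            $States[$hit.Value]
        } else {
            "Other ($($hit.Value))"
        }
        [pscustomobject]@{
            Zone      = $Zones[$zone]
            Setting   = $Actions[$action]
            State     = $state
            Mitigated = ($state -eq 'Disabled')   # only an explicit Disable counts
            Source    = if ($hit) { $hit.Source } else { '' }
        }
    }
}
$report | Sort-Object Zone, Setting | Format-Table -AutoSize
```

Any row with Mitigated = False means the corresponding block is not enforced for that zone, so the host still depends on the patch being installed.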


MS14-019

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution


Microsoft Rating: Important

CVE: CVE-2014-0315

Analysis:

This bulletin addresses a publicly reported remote code execution vulnerability in the Windows file handling component. The patch restricts the path used for processing .BAT and .CMD files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Deploy patches at the earliest convenience; no mitigation is available.


MS14-020

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution


Microsoft Rating: Important

CVE: CVE-2014-1759

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Publisher. The patch fixes a pointer dereference vulnerability that occurs when parsing Publisher files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Deploy patches as soon as possible; no mitigation is available, other than not opening untrustworthy Publisher files.


Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.