BeyondTrust

BeyondTrust Patch Tuesday

January 14, 2014

Microsoft Patch Tuesday

This month, Microsoft released four patches that repair a total of six vulnerabilities. Of these vulnerabilities, there were three remote code execution vulnerabilities, two elevation of privilege vulnerabilities, and a denial-of-service vulnerability.

Administrators are advised to patch MS14-002 immediately to prevent exploitation by attackers. Next, administrators should patch MS14-001 and MS14-003 as soon as possible. Lastly, administrators should patch MS14-004 at their earliest convenience.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: BeyondTrust Research Team
  • Date/Time: Wednesday, January 15, 2014, 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS14-001

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution


Microsoft Rating: Important

CVE List: CVE-2014-0258, CVE-2014-0259, and CVE-2014-0260

Analysis:

This bulletin addresses three privately reported remote code execution vulnerabilities in Microsoft Word and Office Web Apps. The patch fixes three memory corruption vulnerabilities that occur when parsing specially crafted Word documents. An attacker who successfully exploited one of these vulnerabilities would gain user-level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, use the Microsoft Office Isolated Conversion Environment (MOICE) to handle .doc files on the system, or use the Office File Block policy to prevent opening .doc and .dot files altogether.

 

MS14-002

Vulnerability in Windows Kernel Could Allow Elevation of Privilege


Microsoft Rating: Important

CVE: CVE-2013-5065

Analysis:

This bulletin addresses a publicly reported and exploited elevation of privilege vulnerability in NDProxy, a Windows driver. The patch fixes an array indexing vulnerability that occurs when processing certain I/O control codes (IOCTLs). A local attacker who successfully exploited this vulnerability would gain kernel-level access to the target machine.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Attacks have been observed in the wild, and easy-to-use exploits for this vulnerability are publicly available. Until the patch can be installed, it is possible to reroute the NDProxy service to null.sys. Note that this will break functionality required by services such as VPN and remote access service, among others, so weigh the impact carefully before implementing this workaround.
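One way to audit whether the NDProxy reroute described above is in place on a host, as an added Windows PowerShell example that is not part of the original advisory. The registry location (the standard Windows service key and its ImagePath value) and the function name Get-NDProxyWorkaroundState are assumptions not taken from this page.

```powershell
# Added example: report the state of the NDProxy reroute workaround on the local machine.
# Assumption: driver configuration is read from the standard Windows service key
# HKLM:\SYSTEM\CurrentControlSet\Services\<name>, value ImagePath.
function Get-NDProxyWorkaroundState {
    param(
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NDProxy'
    )

    $result = New-Object PSObject -Property @{
        Computer    = $env:COMPUTERNAME
        ImagePath   = $null
        DriverState = $null
        Status      = 'NDProxyKeyMissing'
    }
    if (-not (Test-Path -LiteralPath $ServiceKey)) { return $result }

    # ImagePath may be absent; Windows then loads <name>.sys from system32\drivers.
    $props = Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction SilentlyContinue
    $imagePath = $props.ImagePath
    $result.ImagePath = $imagePath

    # Kernel drivers are exposed through WMI as Win32_SystemDriver (Windows PowerShell).
    $driver = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='NDProxy'" `
        -ErrorAction SilentlyContinue
    if ($driver) { $result.DriverState = $driver.State }

    if (-not $imagePath) {
        $result.Status = 'DefaultDriver'
    } else {
        # Compare only the file name, so relative and \SystemRoot\ paths both match.
        $leaf = [System.IO.Path]::GetFileName($imagePath.Trim('"')).ToLower()
        switch ($leaf) {
            'null.sys'    { $result.Status = 'ReroutedToNull' }
            'ndproxy.sys' { $result.Status = 'DefaultDriver' }
            # Any other binary behind a kernel driver entry deserves a manual review.
            default       { $result.Status = 'UnexpectedImagePath' }
        }
    }
    return $result
}

Get-NDProxyWorkaroundState | Format-List Computer, Status, ImagePath, DriverState
```

A host reporting ReroutedToNull after the patch is installed is a candidate for reverting the workaround, since the reroute is what breaks VPN and remote access functionality.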

 

MS14-003

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege


Microsoft Rating: Important

CVE: CVE-2014-0262

Analysis:

This bulletin addresses a privately reported elevation of privilege vulnerability in Windows kernel-mode drivers. The patch fixes how Windows uses window handle thread-owned objects. A local attacker who successfully exploited this vulnerability would gain kernel-level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

MS14-004

Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service


Microsoft Rating: Important

CVE: CVE-2014-0261

Analysis:

This bulletin addresses a privately reported denial of service vulnerability in Microsoft Dynamics AX. The patch fixes how Dynamics AX handles user input. An attacker who successfully exploited this vulnerability would be able to cause the server to stop responding to client requests.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.