BeyondTrust Patch Tuesday

March 11, 2014

Microsoft Patch Tuesday

This month, Microsoft released five patches that repair a total of 23 vulnerabilities. Of these vulnerabilities, there were 19 remote code execution vulnerabilities, one elevation of privilege vulnerability, one information disclosure vulnerability, and two security feature bypass vulnerabilities.

Administrators are advised to patch MS14-012 immediately to prevent exploitation by attackers. Next, administrators should patch MS14-013, MS14-014, and MS14-015 as soon as possible. Lastly, administrators should patch MS14-016 at their earliest convenience.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: BeyondTrust Research Team
  • Date/Time: Wednesday, March 12, 2014, 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS14-012

Cumulative Security Update for Internet Explorer


Microsoft Rating: Critical

CVE List: CVE-2014-0297, CVE-2014-0298, CVE-2014-0299, CVE-2014-0302, CVE-2014-0303, CVE-2014-0304, CVE-2014-0305, CVE-2014-0306, CVE-2014-0307, CVE-2014-0308, CVE-2014-0309, CVE-2014-0311, CVE-2014-0312, CVE-2014-0313, CVE-2014-0314, CVE-2014-0321, CVE-2014-0322, and CVE-2014-0324

Analysis:

This bulletin addresses one publicly disclosed and 17 privately reported remote code execution vulnerabilities in Internet Explorer. The patch fixes many memory corruption vulnerabilities that occur when parsing HTML and executing JavaScript code. An attacker who successfully exploited any of these vulnerabilities would gain user-level access to the target machine. Note: targeted attacks have been observed that leverage CVE-2014-0322 and CVE-2014-0324.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, apply the MSHTML shim workaround to mitigate CVE-2014-0322, block ActiveX controls, and block or disable Active Scripting in both the Internet and Local intranet zones.

MS14-013

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution


Microsoft Rating: Critical

CVE: CVE-2014-0301

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in DirectShow. The patch fixes how JPEG images are parsed. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

MS14-014

Vulnerability in Silverlight Could Allow Security Feature Bypass


Microsoft Rating: Important

CVE: CVE-2014-0319

Analysis:

This bulletin addresses a privately reported security feature bypass vulnerability in Silverlight. The patch fixes how ASLR and DEP are implemented in Silverlight. An attacker who successfully exploited this vulnerability, along with a second exploit providing remote code execution, would gain user-level access to the target machine.

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, block Silverlight from running in browsers that support it, such as Internet Explorer, Firefox, and Chrome.

MS14-015

Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege


Microsoft Rating: Important

CVE List: CVE-2014-0300 and CVE-2014-0323

Analysis:

This bulletin addresses one publicly reported information disclosure vulnerability and one privately reported elevation of privilege vulnerability in Windows kernel-mode drivers. The patch fixes how in-memory objects are handled. A locally authenticated attacker who successfully exploited the elevation of privilege vulnerability would gain kernel-level access to the target machine.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

MS14-016

Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass


Microsoft Rating: Important

CVE: CVE-2014-0317

Analysis:

This bulletin addresses a privately reported security feature bypass vulnerability in the Security Account Manager Remote (SAMR) protocol. The patch fixes the way user account lockout states are validated. An attacker who successfully exploited this vulnerability would be able to brute-force user accounts indefinitely without causing the target accounts to become locked out.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.
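
The symptom described in the MS14-016 analysis, failed authentication attempts continuing past the lockout threshold with no lockout, can be checked for in authentication logs. The following is an added example, not part of the original BeyondTrust advisory; the event schema, account names, threshold and window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; substitute your domain's lockout policy.
LOCKOUT_THRESHOLD = 5
OBSERVATION_WINDOW = timedelta(minutes=30)


def _burst(account, start, count, step_s):
    """Build `count` constructed failure events, `step_s` seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step_s)).isoformat(), account, "failure")
            for i in range(count)]


# Constructed sample data: (ISO timestamp, account, event type). The event
# types are a hypothetical normalized schema, not a real log format.
SAMPLE_EVENTS = (
    _burst("alice", "2014-03-11T09:00:00", 3, 20)
    + [("2014-03-11T09:02:00", "alice", "success")]
    + _burst("bob", "2014-03-11T09:10:00", 5, 10)
    + [("2014-03-11T09:10:50", "bob", "lockout")]          # policy worked
    + _burst("carol", "2014-03-11T08:00:00", 6, 1200)      # slow: at most 2 per window
    + _burst("svc_backup", "2014-03-11T10:00:00", 12, 30)  # no lockout recorded
)


def find_lockout_gaps(events, threshold=LOCKOUT_THRESHOLD, window=OBSERVATION_WINDOW):
    """Return {account: peak failure count} for accounts whose failures inside
    one window exceeded the threshold with no lockout event in between."""
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    flagged = {}
    for ts, account, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        fails = recent[account]
        if kind in ("lockout", "success"):
            fails.clear()         # counter reset: lockout fired or user logged on
            continue
        fails.append(when)
        while when - fails[0] > window:
            fails.popleft()       # drop failures that aged out of the window
        if len(fails) > threshold:
            flagged[account] = max(flagged.get(account, 0), len(fails))
    return flagged


if __name__ == "__main__":
    for account, peak in find_lockout_gaps(SAMPLE_EVENTS).items():
        print(f"{account}: {peak} failures in window, no lockout recorded")
```

Accounts that lock out at the threshold, or whose failures are spread thinly over time, are not reported; only an account that keeps failing past the threshold inside one window is.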

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.