This month marks the final Patch Tuesday of 2014. Most of what is being patched this month is Internet Explorer, Exchange, Office and the like, continuing the trend of a greatest-hits collection of commonly attacked Microsoft software. Probably the one thing that breaks the mold this month is that, for once, there is no kernel privilege escalation vulnerability of the kind we commonly see. The Internet Explorer vulnerabilities are of course the ones to patch first, followed by the Office-related vulnerabilities. We are looking forward to 2015 and to seeing what vulnerabilities await us and how things shape up, with Windows 8 having some distance on it now and Windows 10 looming around the corner.

MS14-075 – This bulletin was originally supposed to be released along with other security bulletins back in November. It is finally seeing the light of day now as a fix for a Microsoft Exchange Server flaw that can allow attackers to send email that appears to come from other users. This is in particular a problem for OWA and a good reminder to be careful where you hang OWA servers off the Internet. Secondarily, this bulletin fixes some XSS flaws.

MS14-080 – Internet Explorer makes its monthly Patch Tuesday rounds, with this month seeing over 14 privately reported vulnerabilities resolved. Indeed, this is another big patch that covers almost all supported versions of Internet Explorer, with bugs severe enough for Remote Code Execution. And what would an Internet Explorer bulletin be without also including an ASLR bypass?

MS14-081 – Microsoft Word and Office Web Apps also get some fixes this Patch Tuesday. These vulnerabilities can lead to Remote Code Execution in the context of the currently logged on user. So, as always, we hope you have implemented least privilege in your environment and users are not running with Administrator level privileges, local or otherwise. This affects even the latest major version releases of Office, which is not always typical.

MS14-082 – Another Microsoft Office Word related vulnerability that also leads to remote code execution. This one also affects even the latest major version release of Office. See above.

MS14-083 – And here we have yet another Microsoft Office vulnerability, this time in Excel. This one also affects even the latest major release version. It also results in remote code execution in the context of the currently logged on user, so running with least privilege will be helpful here too.

MS14-084 – This bulletin contains a fix for a VBScript Engine remote code execution flaw. This vulnerability can be useful in web-based drive-by attack scenarios. Given that this is a client-application vulnerability, it also results in code execution in the context of the currently logged on user, who hopefully is not an administrator.

MS14-085 – Probably one of the more interesting bulletins from a technical perspective, this resolves a weakness within Windows JPEG processing that can result in information disclosure. The bug itself does not result in code execution, but it is helpful for an attacker who is trying to bypass ASLR protection schemes as part of a larger overall exploit.

The following vulnerability audits have been released in audits revision 2857:

[MS14-075] - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
43868 - Microsoft Exchange Server Privilege Escalation (3009712) - KB2996150 - 2007
43871 - Microsoft Exchange Server Privilege Escalation (3009712) - KB2986475 - 2010
43873 - Microsoft Exchange Server Privilege Escalation (3009712) - KB3011140 - 2013 SP1
43915 - Microsoft Exchange Server Privilege Escalation (3009712) - KB3011140 - 2013 CU6

[MS14-080] - Cumulative Security Update for Internet Explorer (3008923)
43859 - Microsoft Cumulative Security Update for Internet Explorer (3008923)

[MS14-081] - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
43866 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920793
43867 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899519
43869 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2910916
43870 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB3018888
43872 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899581
43874 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899518
43875 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2889851
43878 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2883050
43879 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2910892
43880 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920729
43881 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920792
43890 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920729 x64
43893 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920792 x64

[MS14-082] - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
43896 - Microsoft Office Remote Code Execution (3017349) - 2007
43897 - Microsoft Office Remote Code Execution (3017349) - 2007 x64
43898 - Microsoft Office Remote Code Execution (3017349) - 2010
43899 - Microsoft Office Remote Code Execution (3017349) - 2010 x64
43900 - Microsoft Office Remote Code Execution (3017349) - 2013
43901 - Microsoft Office Remote Code Execution (3017349) - 2013 x64

[MS14-083] - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
43860 - Microsoft Excel Remote Code Execution (3017347) - KB2984942 - Excel 2007
43861 - Microsoft Excel Remote Code Execution (3017347) - KB2910902 - Excel 2010
43862 - Microsoft Excel Remote Code Execution (3017347) - KB2910929 - Excel 2013
43864 - Microsoft Excel Remote Code Execution (3017347) - KB2920790 - Compatibility
43865 - Microsoft Excel Remote Code Execution (3017347) - KB2920790 - Compatibility x64

[MS14-084] - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
43876 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012168
43877 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - 2003
43887 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - Vis/2008
43888 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - 2003
43889 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - Other
43891 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - CORE
43892 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - CORE

[MS14-085] - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
43882 - Microsoft Graphics Component Information Disclosure (3013126)