December 2014 Patch Tuesday

December 9, 2014

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month is Internet Explorer, Exchange, Office, and so on, continuing the trend of a greatest-hits collection of commonly attacked Microsoft software. Probably the one thing that breaks the mold this month is that, for once, there is no kernel privilege escalation vulnerability of the kind we commonly see. The Internet Explorer vulnerabilities are of course the ones to patch first, followed by the Office-related vulnerabilities. We look forward to 2015 and to seeing what vulnerabilities await us and how things shape up, with Windows 8 having some distance on it now and Windows 10 looming around the corner.

MS14-075 – This bulletin was originally supposed to be released along with other security bulletins back in November. It is finally seeing the light of day now as a fix for Microsoft Exchange Server that can allow attackers to send email that appears to come from other users. This is a particular problem for OWA and a good reminder to be careful where you hang OWA servers off the Internet. Secondarily, this bulletin fixes some XSS flaws.

MS14-080 – Internet Explorer makes its monthly Patch Tuesday rounds, with this month seeing over 14 privately reported vulnerabilities resolved. This is another big patch that covers almost all supported versions of Internet Explorer, with bugs severe enough for Remote Code Execution. And what would an Internet Explorer bulletin be without also including an ASLR bypass?

MS14-081 – Microsoft Word and Office Web Apps also get some fixes this Patch Tuesday. These vulnerabilities can lead to Remote Code Execution in the context of the currently logged on user. So, as always, we hope you have implemented least privilege in your environment and users are not running with Administrator-level privileges, local or otherwise. This affects even the latest major version releases of Office, which is not always typical.

MS14-082 – Another Microsoft Office Word related vulnerability that also leads to remote code execution. This also affects even the latest major version release of Office. See above.

MS14-083 – Here we have yet another Microsoft Office vulnerability, this time in Excel, and it also affects even the latest major release version. It also results in remote code execution in the context of the currently logged on user, so running with least privilege will be helpful here as well.

MS14-084 – This bulletin contains a fix for a VBScript Engine remote code execution flaw. This vulnerability can be useful in web-based drive-by attack scenarios. Given that this is a client-application vulnerability, it also results in code execution in the context of the currently logged on user, so hopefully none of your users are running with Administrator privileges.

MS14-085 – Probably one of the more interesting bulletins from a technical perspective, this resolves a weakness within Windows JPEG processing that can result in information disclosure. The bug itself does not result in code execution, but it is helpful for an attacker who is trying to bypass ASLR protection schemes as part of a larger overall exploit.

The following vulnerability audits have been released in audits revision 2857:

[MS14-075] - Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege (3009712)
  • 43868 - Microsoft Exchange Server Privilege Escalation (3009712) - KB2996150 - 2007
  • 43871 - Microsoft Exchange Server Privilege Escalation (3009712) - KB2986475 - 2010
  • 43873 - Microsoft Exchange Server Privilege Escalation (3009712) - KB3011140 - 2013 SP1
  • 43915 - Microsoft Exchange Server Privilege Escalation (3009712) - KB3011140 - 2013 CU6

[MS14-080] - Cumulative Security Update for Internet Explorer (3008923)
  • 43859 - Microsoft Cumulative Security Update for Internet Explorer (3008923)

[MS14-081] - Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (3017301)
  • 43866 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920793
  • 43867 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899519
  • 43869 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2910916
  • 43870 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB3018888
  • 43872 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899581
  • 43874 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2899518
  • 43875 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2889851
  • 43878 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2883050
  • 43879 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2910892
  • 43880 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920729
  • 43881 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920792
  • 43890 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920729 x64
  • 43893 - Microsoft Word and Office Web Apps Remote Code (3017301) - KB2920792 x64

[MS14-082] - Vulnerability in Microsoft Office Could Allow Remote Code Execution (3017349)
  • 43896 - Microsoft Office Remote Code Execution (3017349) - 2007
  • 43897 - Microsoft Office Remote Code Execution (3017349) - 2007 x64
  • 43898 - Microsoft Office Remote Code Execution (3017349) - 2010
  • 43899 - Microsoft Office Remote Code Execution (3017349) - 2010 x64
  • 43900 - Microsoft Office Remote Code Execution (3017349) - 2013
  • 43901 - Microsoft Office Remote Code Execution (3017349) - 2013 x64

[MS14-083] - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
  • 43860 - Microsoft Excel Remote Code Execution (3017347) - KB2984942 - Excel 2007
  • 43861 - Microsoft Excel Remote Code Execution (3017347) - KB2910902 - Excel 2010
  • 43862 - Microsoft Excel Remote Code Execution (3017347) - KB2910929 - Excel 2013
  • 43864 - Microsoft Excel Remote Code Execution (3017347) - KB2920790 - Compatibility
  • 43865 - Microsoft Excel Remote Code Execution (3017347) - KB2920790 - Compatibility x64

[MS14-084] - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (3016711)
  • 43876 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012168
  • 43877 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - 2003
  • 43887 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - Vis/2008
  • 43888 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - 2003
  • 43889 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - Other
  • 43891 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012172 - CORE
  • 43892 - Microsoft VBScript Scripting Engine Remote Code Execution - KB3012176 - CORE

[MS14-085] - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
  • 43882 - Microsoft Graphics Component Information Disclosure (3013126)

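
An added example, not part of the original post or of BeyondTrust's tooling: it parses a subset of the audit list above and orders each host's open bulletins the way the post recommends (Internet Explorer first, then Office). The host names, the scanner findings and the ranking of the remaining bulletins are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of the audit list above, copied from the post (audits revision 2857).
AUDIT_LIST = """\
[MS14-080] - Cumulative Security Update for Internet Explorer (3008923)
43859 - Microsoft Cumulative Security Update for Internet Explorer (3008923)
[MS14-083] - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (3017347)
43861 - Microsoft Excel Remote Code Execution (3017347) - KB2910902 - Excel 2010
[MS14-085] - Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure (3013126)
43882 - Microsoft Graphics Component Information Disclosure (3013126)
"""
# Constructed scanner findings (hypothetical host, audit ID that fired).
FINDINGS = [("ws-014", "43882"), ("ws-014", "43861"), ("ws-014", "43859"),
            ("ws-022", "43861"), ("ws-022", "99999")]
# The post's order: Internet Explorer first, then Office. Ranking the other
# bulletins last, by bulletin number, is an assumption of this example.
TIER = {"MS14-080": 0, "MS14-081": 1, "MS14-082": 1, "MS14-083": 1}

HEADER = re.compile(r"^\[(MS\d{2}-\d{3})\]")
AUDIT = re.compile(r"^(?:•\s*)?(\d+) - (.+)$")  # tolerates a leading bullet
KB = re.compile(r"\bKB\d+\b")

def parse_audits(text):
    """Map audit ID -> (bulletin, KB or None, description)."""
    audits, bulletin = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            bulletin = m.group(1)
        elif (m := AUDIT.match(line)) and bulletin:
            kb = KB.search(m.group(2))
            audits[m.group(1)] = (bulletin, kb.group(0) if kb else None, m.group(2))
    return audits

def remediation_queue(findings, audits):
    """Per host, bulletins in patch order; unmapped audit IDs are returned too."""
    per_host, unknown = defaultdict(set), []
    for host, audit_id in findings:
        if audit_id in audits:
            per_host[host].add(audits[audit_id][0])
        else:
            unknown.append((host, audit_id))  # surface, never drop silently
    return {h: sorted(b, key=lambda x: (TIER.get(x, 2), x)) for h, b in per_host.items()}, unknown

if __name__ == "__main__":
    queue, unknown = remediation_queue(FINDINGS, parse_audits(AUDIT_LIST))
    for host in sorted(queue):
        print(host, "->", ", ".join(queue[host]))
    print("unmapped findings:", unknown)
```

Findings whose audit ID is not in the parsed list are returned separately, so a stale audit revision shows up as unmapped entries rather than as a clean host.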
Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
