Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

May 2014 Patch Tuesday

May 13, 2014

  • Blog
  • Archive

May's Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI.

MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated and have the ability to send maliciously crafted page content to the server. These vulnerabilities have not been publicly disclosed, nor have they been used in the wild. No non-patch mitigations exist, so it is strongly advised to deploy this patch as soon as possible.

MS14-023 addresses two vulnerabilities in Microsoft Office. One of the vulnerabilities, CVE-2014-1756, is a classic DLL preloading vulnerability, which means that an attacker can plant a malicious DLL into the same directory as a legitimate document. When the user opens the document, the malicious DLL will be executed, causing arbitrary code to be executed in the context of Office. This can be mitigated by blocking ports 139 and 445 at the perimeter firewall, preventing the WebClient service from running, and preventing DLLs from being loaded from WebDAV and remote shares. The other vulnerability addressed in this bulletin, can allow an attacker to impersonate a user authenticated against a Microsoft online service. Deploy this patch immediately to protect against attacks targeting these vulnerabilities; the DLL preloading vulnerability is very easy to exploit with publicly available, reliable, easy-to-use tools.

MS14-024 fixes an ASLR (address space layout randomization) bypass in MSCOMCTL, a shared common controls library used by Microsoft Office. While the vulnerability has not been publicly disclosed, it has been observed in targeted attacks in the wild. The vulnerability itself is not enough to gain remote code execution on a system, but when coupled with another remote code execution vulnerability, this ASLR bypass makes it far easier to achieve reliable code execution on affected systems. Administrators are advised to patch this vulnerability immediately to protect against active attacks.

MS14-025 fixes a publicly disclosed vulnerability in Group Policy Preferences. This vulnerability has been exploited in the wild. The vulnerability itself exists in the way that Active Directory distributes passwords, when configured using Group Policy preferences. Using this vulnerability, an attacker would be able to decrypt the passwords that are distributed and use them to authenticate against systems on the network, thereby elevating their privileges on the domain. Deploy this patch immediately to protect against active attacks.

MS14-026 addresses a vulnerability in the .NET Framework, which occurs when handling TypeFilterLevel checks on specially crafted objects. Attackers could exploit this in order to elevate their privileges and escape from any existing .NET trust restrictions. While no direct mitigation exists for this vulnerability, administrators can lessen the ease of exploitation by restricting access to the affected application to only authenticated users, by enabling security when registering a channel. Administrators are advised, however, to deploy this patch when possible.

MS14-027 fixes a privilege elevation vulnerability in Windows, which could allow attackers to elevate their privileges to the Local System account. The vulnerability lies within the way the ShellExecute Windows API handles file associations. While the vulnerability has not been publicly disclosed, it has been observed in targeted attacks in the wild. No non-patch mitigations exist. Administrators are encouraged to deploy this patch as soon as possible.

MS14-028 addresses two denial-of-service vulnerabilities that occur when handling iSCSI packets and connections. The vulnerabilities only exist when the server has the iSCSI target role enabled. Attackers that successfully exploit either of these vulnerabilities would be able to stop an affected server from responding by sending a large number of specially crafted packets to the affected server. Block TCP port 3260 at the perimeter firewall and allow list access to servers with the iSCSI role enabled to only specifically permitted clients. Deploy this patch when possible.

MS14-029 addresses two vulnerabilities that could be used to remotely execute code on a user's system. These vulnerabilities both affect Internet Explorer 6 through 11. While neither of these vulnerabilities were publicly disclosed, reports of targeted attacks have surfaced regarding CVE-2014-1815. Both of these vulnerabilities can be mitigated by blocking ActiveX controls and blocking or disabling Active Scripting in both Internet and Local intranet zones. Deploy this patch immediately to protect against active attacks.

Be sure to patch Office (MS14-023), MSCOMCTL (MS14-024), Group Policy Preferences (MS14-025), and Internet Explorer (MS14-029), followed by SharePoint Server (MS14-022) and Windows (MS14-027), followed lastly by the .NET Framework (MS14-026) and iSCSI (MS14-028). Also, be sure to join us for the Vulnerability Expert Forum tomorrow, Wednesday, May 14 at 1pm PT, where we cover these patches, as well as other security news.

>> Hello VEF Attendees! Participate in our monthly giveaway here. Answer the question in the comments to win a Nexus 7!

Internet Explorer has been getting attacked a lot in recent weeks, being the entry point in targeted attacks. It caused Microsoft to issue an out-of-band patch for IE, even for XP, which they said would receive no more patches. Has this caused your organization to reconsider moving to another default browser for security reasons?

Most insightful and/or awesome answer wins!

>> VEF News Articles

After Heartbleed, Tech Giants Fund Open Source Security

Canada Revenue Agency Hit by Heartbleed

Obama: NSA Must Reveal Bugs Like Heartbleed, Unless They Help the NSA

Coupling Functions Enable Secure Communications

How We Got Read Access on Google's Production Servers

Thank you to all who attended this month’s VEF! We appreciate all the questions and comments. If there was a question you asked that we did not answer on the VEF, or did not mention in this blog post, please contact us directly research@BeyondTrust.com.

Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

A Zero Trust Approach to Windows & Mac Endpoint Security

Whitepapers

Mapping BeyondTrust Solutions to the Qatar National Information Assurance Policy v2.0

Whitepapers

KuppingerCole Executive Review - BeyondTrust Endpoint Privilege Management

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.