November 2014 Patch Tuesday

November 11, 2014

This month brings a massive number of bulletins and vulnerabilities covering a wide array of Microsoft products. As with most months, some of the more critical vulnerabilities to patch immediately are within Internet Explorer, along with kernel privilege escalation vulnerabilities. There are also a lot of other unique vulnerabilities whose criticality will vary depending on your environment, so please read below to determine what to patch first. As always, if you have any questions, do not hesitate to contact our research group directly.

MS14-064 – OLE suffers from a couple of vulnerabilities this month. These can allow for code execution in the context of the currently logged on user via Internet Explorer or Microsoft Office. You can help mitigate this vulnerability by making sure users are not running as Administrator.

MS14-065 – Patches 17 different vulnerabilities within Internet Explorer. This continues the monthly trend of a massive number of critical IE vulnerabilities being fixed. Also this month, beyond the standard code execution vulnerabilities, is the ability to bypass ASLR, which as we have covered in previous months is a helpful security bypass feature, for attackers of course. Same story here: removing Administrator privileges is a helpful mitigation, so that attackers are left executing with lower privileges in some scenarios.

MS14-066 – A vulnerability within Schannel that can allow for remote code execution against Windows servers. This bulletin does not include many details, so we will probably take a closer look to see what is under the hood on this one.

MS14-067 – Affects XML Core Services 3.0 and again allows for code execution in the context of the currently logged on user. Wait for it… Have you removed Admin privileges from standard accounts in your environment? Surely your sales department is not still local admin, making an attacker’s job even easier?

MS14-068 – Microsoft seems to have pushed back the release date on this bulletin; currently they simply say "Release date to be determined."

MS14-069 – Covers 3 different Microsoft Office vulnerabilities that allow for remote code execution against systems. This vulnerability affects older components and Office 2007, and is a great reminder to make sure you are running the latest major version release of software from Microsoft. This vulnerability also allows for execution of code with the rights of the currently logged on user. You know what that means…

MS14-070 – Fixes a publicly disclosed vulnerability in TCP/IP which allows an attacker to run code in the context of another process. This can therefore be used to elevate privileges on systems where an attacker already has access, going from a standard user account to full access to the system.

MS14-071 – Even Windows Audio has a vulnerability this month, and it is an interesting one. An attacker cannot use this vulnerability directly; rather, it is useful when combined with another vulnerability that would normally result in execution as a low integrity process. As is the case with a lot of Internet Explorer vulnerabilities, an attacker could combine the two to elevate privileges and execute at Medium Integrity within Internet Explorer, gaining further access to a system.

MS14-072 – .NET Remoting can lead to an elevation of privilege. This vulnerability is going to affect some types of custom .NET applications that specifically leverage .NET Remoting. Microsoft suggests moving to more modern communications technologies such as WCF, and we could not agree more.

MS14-073 – Another Patch Tuesday, another SharePoint vulnerability. This is similar to previous vulnerabilities we have seen that result in elevation of privilege against SharePoint, essentially allowing an attacker to execute browser script code in the context of the currently logged on SharePoint user.

MS14-074 – Represents a unique vulnerability within RDP that can allow an attacker to bypass audit logging events. What this means is that an attacker could brute force passwords against RDP without actually triggering any failed login authentication audits. This isn’t the most critical of vulnerabilities this month, but as we have seen a lot of RDP brute force attacks in the past, it is one to make sure to patch.

MS14-075 – Microsoft seems to have pushed back the release date on this bulletin; currently they simply say "Release date to be determined."

MS14-076 – Fixes a vulnerability within Microsoft IIS that can be used to bypass the IP and Domain restrictions feature of IIS. Specifically, if you had set up an IIS website to block specific IPs or domains, an attacker could bypass that restriction and connect to your IIS website anyway. Hopefully you are not counting on this feature alone to control network level access to your IIS websites…

MS14-077 – Active Directory Federation Services suffers from an information disclosure vulnerability in which, if a user fails to properly log off of a session, an attacker can later reopen the application to get user details. This is not a critical attack, but it is interesting that such a basic type of vulnerability was left around in ADFS.

MS14-078 – IME for Japanese is vulnerable to a privilege escalation vulnerability. Any sandboxed application can be broken out of, and this vulnerability is made worse by environments where applications and users are given local administrator access. This vulnerability is nuanced, but there have been reports of limited attacks in the wild according to Microsoft.

MS14-079 – What would a Patch Tuesday month be without ending things off with yet another Kernel-Mode Driver TrueType font vulnerability? Luckily, this month the vulnerability is a denial of service that results in a system that stops responding or restarts, rather than code execution. That being said, an attacker can deliver the attack via network shares, websites, or emails, and while some user interaction is required, it is still a straightforward path to DoS in some scenarios. It shouldn’t matter in the real world, though, as you are not surfing the web and reading email on your servers, right?

The following vulnerability audits have been released in audits revision 2849:

[MS14-064] - Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
  • 43610 - Microsoft Windows OLE Remote Code Execution (3011443) - KB3006226
  • 43612 - Microsoft Windows OLE Remote Code Execution (3011443) - KB3010788

[MS14-065] - Cumulative Security Update for Internet Explorer (3003057)
  • 43620 - Microsoft Cumulative Security Update for Internet Explorer (3003057)

[MS14-066] - Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
  • 43608 - Microsoft Schannel Remote Code Execution Vulnerability (2992611)

[MS14-067] - Vulnerability in XML Core Services Could Allow Remote Code Execution (2993958)
  • 43616 - Microsoft XML Core Services Remote Code Execution (2993958) - 2003
  • 43617 - Microsoft XML Core Services Remote Code Execution (2993958) - Vista/2008
  • 43618 - Microsoft XML Core Services Remote Code Execution (2993958) - 7/2008R2/8/2012
  • 43619 - Microsoft XML Core Services Remote Code Execution (2993958) - 8.1/2012R2

[MS14-069] - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3009710)
  • 43622 - Microsoft Office Remote Code Execution (3009710) - Office 2007
  • 43624 - Microsoft Office Remote Code Execution (3009710) - Compatibility Pack
  • 43639 - Microsoft Office Remote Code Execution (3009710) - Word Viewer
  • 43641 - Microsoft Office Remote Code Execution (3009710) - Word Viewer x64
  • 43642 - Microsoft Office Remote Code Execution (3009710) - Compatibility Pack x64

[MS14-070] - Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
  • 43613 - Microsoft TCP/IP Elevation of Privilege Vulnerability (2989935)

[MS14-071] - Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
  • 43614 - Microsoft Audio Service Privilege Escalation (3005607)

[MS14-072] - Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
  • 43625 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978114
  • 43626 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978124
  • 43627 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978125
  • 43628 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978116
  • 43629 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978128
  • 43630 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978120
  • 43631 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978121
  • 43632 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978127
  • 43633 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978122
  • 43634 - Microsoft .NET Framework Elevation of Privilege (3005210) - KB2978126

[MS14-073] - Vulnerability in Microsoft SharePoint Foundation Could Allow Elevation of Privilege (3000431)
  • 43638 - Microsoft SharePoint Foundation Elevation of Privilege (3000431)

[MS14-074] - Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
  • 43611 - Microsoft Remote Desktop Protocol Security Feature Bypass (3003743)

[MS14-076] - Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass (2982998)
  • 43607 - Microsoft Internet Information Services (IIS) Security Feature Bypass (2982998)

[MS14-077] - Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (3003381)
  • 43615 - Microsoft ADFS Information Disclosure (3003381) - 2012/2012R2
  • 43643 - Microsoft ADFS Information Disclosure (3003381) - 2008/2008R2

[MS14-078] - Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
  • 43621 - Microsoft IME (Japanese) Elevation of Privilege (2992719) - Vista/2K8/7/2K8R2
  • 43623 - Microsoft IME (Japanese) Elevation of Privilege (2992719) - 2003
  • 43640 - Microsoft IME (Japanese) Elevation of Privilege (2992719) - Office 2007

[MS14-079] - Vulnerability in Kernel Mode Driver Could Allow Denial of Service (3002885)
  • 43609 - Microsoft Kernel-Mode Driver Denial of Service (3002885)

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
