October 2014 Patch Tuesday

October 14, 2014

This October Microsoft has released eight security bulletins covering a variety of Windows technologies, from client-application vulnerabilities that would be useful in drive-by web attacks to privilege escalation vulnerabilities useful as second-stage payloads to elevate from a standard user to Administrator privileges. We recommend patching MS14-056 (Internet Explorer) first, then prioritizing between Office and .NET based on your environmental usage, rounding things out with some of the privilege escalation vulnerabilities, and lastly MS14-062 (MSMQ), depending on whether it is installed.

MS14-056 – It seems massive Internet Explorer patches are the new norm on Patch Tuesday. This Patch Tuesday is no different, with over 14 different vulnerabilities covering every version of Internet Explorer. This is another Patch Tuesday that easily fuels future drive-by web attacks for the months ahead. Beyond just code execution, there is also the ability to bypass ASLR (Address Space Layout Randomization), which is a helpful OS security mitigation against exploitation. This ASLR bypass can be used in conjunction with other vulnerabilities for more successful exploitation where it might not have been possible in the past. It should be noted that Microsoft’s EMET technology will help mitigate some of these attacks and, even more importantly, these client-application vulnerabilities are a great reminder of the need for Least Privilege in making sure users are not running as Administrator.

MS14-057 – What would a Patch Tuesday be these days without more .NET vulnerabilities? This time around there are both code execution and ASLR bypass vulnerabilities, as we have seen in previous months. It is interesting to note that the code execution vulnerability affects a function (iriParsing) which is disabled by default in .NET 4.0 and was later enabled by default (and cannot be disabled) in .NET 4.5.

On a more interesting note, there is a privilege escalation vulnerability within Microsoft’s ClickOnce technology. This technology eases deployment of applications through a web browser while restricting code to run in Protected Mode. This vulnerability, however, will allow an attacker to break out of that Protected Mode and therefore elevate privileges. Here too, though, it is worth researching Microsoft’s EMET technology, as it looks to be helpful in mitigating some of these attacks.

MS14-058 – TrueType Font functionality is the Patch Tuesday gift that keeps on giving. This bulletin fixes two privately reported vulnerabilities, one of which can be used for client-side code execution and a second which can be used locally for privilege escalation. These types of vulnerabilities are always useful as secondary payloads to gain elevated privileges after an initial client-application exploitation.

MS14-059 – Multiple versions of ASP.NET MVC are vulnerable to a cross-site scripting vulnerability. This is your standard XSS-style attack in which an attacker can leverage the vulnerability to inject code into a victim’s web browser. The popularity of ASP.NET MVC makes this particular XSS more interesting than normal.

MS14-060 – We can’t help but remember the old days of Windows 3.1 anytime we see Windows OLE mentioned, but in this case Microsoft is fixing a modern vulnerability in Windows OLE which can be leveraged for code execution. Specifically, an attacker can embed a specially crafted OLE object within a document that, when opened by various Microsoft Office applications, can lead to code execution. One of the good mitigations to put in place here is disabling the WebClient service. This is something we have mentioned in numerous previous blog posts and is a great area of attack surface to reduce in your environment via GPO.

This vulnerability also represents another great example of client-application exploitation in the context of the currently logged-on user; so if you are not already implementing Least Privilege to make sure employees are not Admin by default, you should get on it.

MS14-061 – This vulnerability can be used for code execution against Microsoft Office, in particular Microsoft Word, and also Microsoft Office Web Apps Server and other combinations relating to SharePoint. We have seen many previous Patch Tuesdays covering similar vulnerabilities and it seems there is no lack of vulnerabilities to be found here. This is also another vulnerability which allows execution of code with the same rights as the logged-on user, so again – remove those administrator credentials!

MS14-062 – Microsoft’s Message Queuing Service is back in the bulletins after making a few appearances recently. This time the vulnerability is a local privilege escalation vulnerability that can allow a standard user to gain elevated rights through a malicious IOCTL request. This is a great vulnerability to pair with a client-application vulnerability in order to go from a standard user to elevated access. The good news here is that this service is not enabled by default, but given it’s frequently used in some distributed web apps and cloud services, you will want to review your environment for exposure.

MS14-063 – This is probably one of our favorite vulnerabilities this Patch Tuesday. The vulnerability is within Windows’ handling of FAT32 disk partitions. While this attack can only be exploited with physical access to a machine, it can be done simply by an attacker plugging a USB drive into a system, regardless of whether that system is currently unlocked. This can be used in the same vein as what we saw previously in attacks such as Stuxnet that are looking to cross air-gapped and related networks. In this particular case, however, only Windows Server 2003, 2008 and Windows Workstation Vista are affected.
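
The WebClient, Message Queuing and Least Privilege points above can be checked per host. The PowerShell below is an added example, not part of the original post or of any BeyondTrust tooling; it is read-only and assumes the standard service names WebClient and MSMQ and the built-in Administrators SID S-1-5-32-544.

```powershell
# Added example (not from the original post): read-only host check for the
# exposure points the bulletins above call out.
#   MS14-060         -> WebClient service (suggested mitigation: disable it)
#   MS14-062         -> Message Queuing service (not enabled by default)
#   MS14-056/060/061 -> code runs with the rights of the logged-on user

function Get-ServiceExposure {
    param([Parameter(Mandatory)][string]$Name)
    # Win32_Service reports run state and start mode in a single query;
    # a service that is not installed simply returns nothing.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        return [pscustomobject]@{ Service = $Name; Installed = $false; State = 'n/a'; StartMode = 'n/a' }
    }
    [pscustomobject]@{ Service = $Name; Installed = $true; State = $svc.State; StartMode = $svc.StartMode }
}

function Test-AdminMembership {
    # S-1-5-32-544 is BUILTIN\Administrators. whoami /groups lists it even when
    # UAC has filtered the token, so admins who are not elevated are flagged too.
    [bool]((whoami /groups) -match 'S-1-5-32-544')
}

$findings = @()

$webClient = Get-ServiceExposure -Name 'WebClient'
if ($webClient.Installed -and $webClient.StartMode -ne 'Disabled') {
    $findings += "MS14-060: WebClient is $($webClient.StartMode)/$($webClient.State); disable it via GPO."
}

$msmq = Get-ServiceExposure -Name 'MSMQ'
if ($msmq.Installed) {
    $findings += "MS14-062: Message Queuing is installed ($($msmq.State)); prioritise its patch."
}

if (Test-AdminMembership) {
    $findings += "Least Privilege: $env:USERNAME is in Administrators; client-side exploits inherit that."
}

if ($findings.Count -eq 0) { 'No exposure points found.' } else { $findings }
```
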
The following audits are available as of release 2825 to assist with identifying these threats:

[MS14-056] - Cumulative Security Update for Internet Explorer (2987107)
  • 35409 - Microsoft Cumulative Security Update for Internet Explorer (2987107)
  • 35413 - Microsoft Cumulative Security Update for Internet Explorer (2987107) - IE8/2003
  • 35420 - Microsoft Cumulative Security Update for Internet Explorer (2987107) - IE8 Other

[MS14-057] - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
  • 35405 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972106
  • 35406 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979575
  • 35407 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972107
  • 35408 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979578
  • 35411 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2968292
  • 35414 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972098
  • 35416 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979568
  • 35417 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2968294
  • 35418 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972100
  • 35419 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979570
  • 35421 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2968295
  • 35422 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972101
  • 35423 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2978042
  • 35424 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979571
  • 35425 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979577
  • 35427 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2968296
  • 35428 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972103
  • 35438 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2978041
  • 35440 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979573
  • 35441 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979576
  • 35444 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2972105
  • 35448 - Microsoft .NET Multiple Vulnerabilities (3000414) - KB2979574

[MS14-058] - Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
  • 35415 - Microsoft Kernel-Mode Driver Remote Code Execution (3000061)

[MS14-059] - Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
  • 35434 - Microsoft ASP.NET MVC Security Feature Bypass (2990942) - MVC 2.0
  • 35435 - Microsoft ASP.NET MVC Security Feature Bypass (2990942) - MVC 3.0
  • 35436 - Microsoft ASP.NET MVC Security Feature Bypass (2990942) - MVC 4.0
  • 35437 - Microsoft ASP.NET MVC Security Feature Bypass (2990942) - MVC 5.0
  • 35439 - Microsoft ASP.NET MVC Security Feature Bypass (2990942) - MVC 5.1

[MS14-060] - Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
  • 35429 - Microsoft Windows OLE Remote Code Execution (3000869)

[MS14-061] - Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
  • 35426 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2883013
  • 35430 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2883031
  • 35431 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2883032
  • 35432 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB3004865
  • 35433 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2883008
  • 35442 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2883098
  • 35443 - Microsoft Word and Office Web Apps Remote Code (3000434) - KB2889827

[MS14-062] - Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
  • 35410 - Microsoft Message Queuing Service Elevation of Privilege (2993254)

[MS14-063] - Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
  • 35412 - Microsoft FAT32 Disk Partition Driver Elevation of Privilege (2998579)


Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
