MS Security Bulletin Summary - Feb 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-feb
Feb 11, 2014 - "This bulletin summary lists security bulletins released for February 2014..."
(Total of -7-)
Microsoft Security Bulletin MS14-010 - Critical
Cumulative Security Update for Internet Explorer (2909921)
- https://technet.microsoft.com/en-us/...letin/ms14-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-011 - Critical
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
- https://technet.microsoft.com/en-us/...letin/ms14-011
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-007 - Critical
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
- https://technet.microsoft.com/en-us/...letin/ms14-007
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-008 - Critical
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...letin/ms14-008
Critical - Remote Code Execution - May require restart - Microsoft Security Software
Microsoft Security Bulletin MS14-009 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
- https://technet.microsoft.com/en-us/...letin/ms14-009
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework
Microsoft Security Bulletin MS14-005 - Important
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
- https://technet.microsoft.com/en-us/...letin/ms14-005
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-006 - Important
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
- https://technet.microsoft.com/en-us/...letin/ms14-006
Important - Denial of Service - Requires restart - Microsoft Windows
___
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/cfs-file.a...Deployment.jpg
- https://blogs.technet.com/b/msrc/arc...y-updates.aspx
___
- https://secunia.com/advisories/56771/ - MS14-005 ...Reported as a 0-day.
- https://secunia.com/advisories/56775/ - MS14-006
- https://secunia.com/advisories/56781/ - MS14-007
- https://secunia.com/advisories/56788/ - MS14-008
- https://secunia.com/advisories/56793/ - MS14-009
- https://secunia.com/advisories/56796/ - MS14-010
- https://secunia.com/advisories/56814/ - MS14-011
___
February 2014 Office Updates Release
- https://blogs.technet.com/b/office_s...edirected=true
11 Feb 2014 - "... There are 0 security updates and 8 non-security updates...
NON-SECURITY UPDATES
To improve stability and performance for Office 2010
• Update for Microsoft SharePoint Workspace 2010 (KB2760601)
• Update for Microsoft InfoPath 2010 (KB2817396)
• Update for Microsoft InfoPath 2010 (KB2817369)
• Update for Microsoft Office 2010 (KB2837583)
• Update for Microsoft OneNote 2010 (KB2837595)
• Update for Microsoft Outlook 2010 (KB2687567)
• Update for Microsoft PowerPoint 2010 (KB2775360) ...
There are no Outlook Junk Email Filter updates for February. The next Outlook Junk Email Filters updates will ship in the March 2014 update...
There is no Click-to-Run 2013 update for February. The next Click-to-Run update will ship in the April 2014 update..."
Office 365 - Multi-Factor Authentication
- http://blogs.office.com/2014/02/10/m...or-office-365/
Feb 10, 2014
___
- http://krebsonsecurity.com/2014/02/s...kwave-windows/
Feb 11, 2014 - "... seven patch bundles addressing at least 31 vulnerabilities in Windows and related software... The cumulative, critical security update for all versions of Internet Explorer (MS14-010) fixes two dozen vulnerabilities, including one that Microsoft says has already been publicly disclosed. The other patch that Microsoft specifically called out — MS14-011 — addresses a vulnerability in VBScript that could cause problems for IE users..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17615
Last Updated: 2014-02-11 18:11:29
.
MS Security Advisories - 02.11.2014
FYI...
Microsoft Security Advisory (2915720)
Changes in Windows Authenticode Signature Verification
- http://technet.microsoft.com/en-us/s...visory/2915720
Feb 11, 2014 - Ver: 1.2
Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.microsoft.com/en-us/s...visory/2862973
Feb 11, 2014 - Ver: 2.0
Install MS14-010 for IE when offered ...
FYI...
- http://windowssecrets.com/patch-watc...et-year-round/
Feb 12, 2014 - "... Patch Tuesday’s Internet Explorer patch fixes -24- vulnerabilities, most susceptible to remote code-execution exploits. KB 2909921 is a -critical- update for IE versions 6–11*, on -all- supported Windows workstations. If you’re still running IE9, KB 2909921 will fix a related VBScript threat. But all other supported versions of IE need KB 2928390 ...
What to do: Attacks using the vulnerabilities patched by KB 2909921 (MS14-010) could appear soon. Install this update when offered..."
* MS14-010: Cumulative security update for Internet Explorer ...
- http://technet.microsoft.com/security/bulletin/MS14-010
- http://support.microsoft.com/kb/2909921
Last Review: Feb 11, 2014 - Rev: 1.0
___
MS14-011 - VBScript Scripting Engine ...
- http://technet.microsoft.com/security/bulletin/MS14-011
- http://support.microsoft.com/kb/2928390
Last Review: Feb 11, 2014 - Rev: 1.0
IE10 0-day in-the-wild...
FYI...
IE10 0-Day found in Watering Hole Attack
- http://www.fireeye.com/blog/technica...-attack-2.html
Feb 13, 2014 - "FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It’s a brand new zero-day that targets IE 10 users visiting the compromised website – a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We are collaborating with the Microsoft Security team on research activities..."
- http://www.fireeye.com/blog/uncatego...s-website.html
Feb 13, 2014 - "... Mitigation: The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft’s Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE 11 prevents this exploit from functioning..."
Related: http://www.fireeye.com/blog/technica...-pdf-time.html
Feb 13, 2013 - "... In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time."
- https://isc.sans.edu/diary.html?storyid=17642
Last Updated: 2014-02-14 04:11:27 UTC
___
- http://www.securitytracker.com/id/1029765
> https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Updated: Feb 20 2014
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Description: ... A specific exploit is active that targets version 10 but -exits- if Microsoft’s Experience Mitigation Toolkit (EMET) is detected...
This vulnerability is being actively exploited...
FireEye reported this vulnerability.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The "MSHTML Shim Workaround" Microsoft Fix it solution will prevent exploitation.
The vendor's advisory is available at:
- https://technet.microsoft.com/security/advisory/2934088
Microsoft Fix it 51007
Watering hole attack using IE 10 0-day
> http://www.symantec.com/connect/site...y-diagram1.png
15 Feb 2014
MS IE10 - CMarkup Use-After-Free vuln
- https://secunia.com/advisories/56974/
Last Update: 2014-02-20
Criticality: Extremely Critical
Where: From remote
Impact: System access
Solution: Apply FixIt.
Original Advisory: Microsoft (KB2934088):
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/18/2014 - "... as exploited in the wild in January and February 2014."
.
- http://www.kb.cert.org/vuls/id/732479
Last revised: 19 Feb 2014
- http://arstechnica.com/security/2014...tack-ms-warns/
Feb 13 2014 - "... surreptitiously installed -malware- on computers running a fully patched version 10 of the Internet Explorer browser. The attacks also work on IE 9... strongly consider switching to another browser altogether. Google Chrome has long received high marks for security, as has Mozilla Firefox."
- http://www.theinquirer.net/inquirer/...ks-on-military
Feb 14 2014 - "... just avoid the Microsoft browser altogether by running an alternative like Google Chrome or Mozilla Firefox."
IE9,10 - MS Fix it 51007...
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Mar 12, 2014 - Rev: 2.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 03/06/2014 - "... as exploited in the wild in January and February 2014."
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
___
- https://blogs.technet.com/b/msrc/arc...edirected=true
Feb 19, 2014 - "... impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are -not- affected..."
MS Security Advisories - 2.19-20.2014 ...
FYI...
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: Feb 20, 2014 - "... Microsoft released an update (2934802) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-07. For more information about this update, including download links, see Microsoft Knowledge Base Article 2934802*.
Prerequisite: This update is not cumulative and requires that cumulative update 2916626**, released on January 14, 2014, be installed. The previous update (2929825), released on February 4, 2014, is not a dependency; the fixes it contains have been rolled into this current update (2934802).
Note: Updates for Windows RT and Windows RT 8.1 are available via Windows Update***..."
* https://support.microsoft.com/kb/2934802
** https://support.microsoft.com/kb/2916626
*** http://update.microsoft.com/microsoftupdate
- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
___
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Feb 19, 2014
- http://support.microsoft.com/kb/2934088
Last Review: Feb 19, 2014 - Rev: 1.0
Enable MSHTML shim workaround - Microsoft Fix it 51007*
... Before you install this Fix it solution, you must first install the latest updates for Internet Explorer 9 or Internet Explorer 10. To install the most current update for Internet Explorer, go to the following Microsoft webpage:
- http://update.microsoft.com/microsoftupdate
* http://support.microsoft.com/kb/2934088#FixItForMe
- http://support.microsoft.com/kb/2909921 - MS14-010
Last Review: Feb 11, 2014 - Rev: 1.0
- https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-0322 - 9.3 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in January and February 2014"
- http://atlas.arbor.net/briefs/index#-1535410988
High Severity
20 Feb 2014
"... 0day exploit code for Internet Explorer 10. IE 9 is also vulnerable. Earlier exploit activity around CVE-2014-0322 has also been observed. The actual exploit code has been made publicly available. A security bulletin and fix-it are available from Microsoft..."
MS Security Advisory 2014.02.27 ...
FYI...
Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/s...visory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."
* https://support.microsoft.com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...
** https://support.microsoft.com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, winSvr2012
MS Security Advisory 2.28.2014 ...
FYI...
Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/s...visory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
* http://update.microsoft.com/microsoftupdate/
** http://support.microsoft.com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0
.
MS Security Bulletin Summary - March 2014
FYI...
- https://technet.microsoft.com/en-us/...letin/ms14-mar
March 11, 2014 - "This bulletin summary lists security bulletins released for March 2014..."
(Total of -5-)
Microsoft Security Bulletin MS14-012 - Critical
Cumulative Security Update for Internet Explorer (2925418)
- https://technet.microsoft.com/en-us/...letin/ms14-012
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS14-013 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
- https://technet.microsoft.com/en-us/...letin/ms14-013
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS14-014 - Important
Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
- https://technet.microsoft.com/en-us/...letin/ms14-014
Important - Security Feature Bypass - Does not require restart - Microsoft Silverlight
Microsoft Security Bulletin MS14-015 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
- https://technet.microsoft.com/en-us/...letin/ms14-015
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS14-016 - Important
Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
- https://technet.microsoft.com/en-us/...letin/ms14-016
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___
Description of the Office updates: March 11, 2014
- http://support.microsoft.com/kb/2937335
"... Microsoft released the following nonsecurity updates... We recommend that you install all updates that apply to you..."
- https://blogs.technet.com/b/office_s...e-release.aspx
11 Mar 2014 - "... There are no security updates and 10 non-security updates..."
___
- http://krebsonsecurity.com/2014/03/a...urity-updates/
11 Mar 2014 - "... five bulletins address -23- distinct security weaknesses... The Internet Explorer patch is rated -critical- for virtually all supported versions of IE, and plugs at least -18- security holes, including a severe weakness in IE 9 and 10 that is already being exploited in targeted attacks..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=17795
Last Updated: 2014-03-11 17:23:47 UTC
___
- https://blogs.technet.com/b/msrc/arc...y-updates.aspx
Deployment Priority, Severity, and Exploit Index
- https://blogs.technet.com/resized-im...Deployment.jpg
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
11 Mar 2014
___
- https://secunia.com/advisories/56974/ - MS14-012
- https://secunia.com/advisories/57325/ - MS14-013
- http://www.securitytracker.com/id/1029902 - MS14-014
- https://secunia.com/advisories/57330/ - MS14-015
- http://www.securitytracker.com/id/1029901 - MS14-016
.
MS Security Advisories - 3.11.2014 ...
FYI...
Microsoft Security Advisory (2934088)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2934088
Updated: March 11, 2014 - "... We have issued MS14-012* to address this issue. For more information about this issue, including download links for an available security update, please review MS14-012..."
* https://technet.microsoft.com/en-us/...letin/ms14-012
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/s...visory/2755801
Updated: March 11, 2014 Version: 21.0 - "... announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."