MS Security Advisories - May 13, 2014
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
May 13, 2014 - "Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2871997
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/library/security/2962824
May 13, 2014 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules..."
- https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/library/security/2960358
May 13, 2014 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible..."
- https://support.microsoft.com/kb/2960358
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: May 13, 2014 Ver: 24.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
- https://support.microsoft.com/kb/2957151
Microsoft Security Advisory 2269637
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/2269637
Updated: May 13, 2014 Ver: 19.0 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems...
V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
:fear:
FYI...
Microsoft Security Advisory 2871997
Update to Improve Credentials Protection and Management
- https://technet.microsoft.com/en-us/library/security/2871997
May 13, 2014 - "Microsoft is announcing the availability of an update for supported editions of Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 that improves credential protection and domain authentication controls to reduce credential theft. This update provides additional protection for the Local Security Authority (LSA), adds a restricted admin mode for Credential Security Support Provider (CredSSP), introduces support for the protected account-restricted domain user category, and enforces stricter authentication policies for Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 machines as clients.
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
- https://support.microsoft.com/kb/2871997
Microsoft Security Advisory 2962824
Update Rollup of Revoked Non-Compliant UEFI Modules
- https://technet.microsoft.com/en-us/library/security/2962824
May 13, 2014 - "With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. These UEFI (Unified Extensible Firmware Interface) modules are partner modules distributed in backup and recovery software. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are not in compliance with our certification program and are being revoked at the request of the author. Microsoft is not aware of any misuse of the affected UEFI modules..."
- https://support.microsoft.com/kb/2962824
Microsoft Security Advisory 2960358
Update for Disabling RC4 in .NET TLS
- https://technet.microsoft.com/en-us/library/security/2960358
May 13, 2014 - "Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to perform man-in-the-middle attacks and recover plaintext from encrypted sessions.
Recommendation. Microsoft recommends that customers download and test the update before deploying it in their environments as soon as possible..."
- https://support.microsoft.com/kb/2960358
Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: May 13, 2014 Ver: 24.0 - "Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11..."
- https://support.microsoft.com/kb/2957151
Microsoft Security Advisory 2269637
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/library/security/2269637
Updated: May 13, 2014 Ver: 19.0 - "Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries. This issue is caused by specific insecure programming practices that allow so-called "binary planting" or "DLL preloading attacks". These practices could allow an attacker to remotely execute arbitrary code in the context of the user running the vulnerable application when the user opens a file from an untrusted location. This issue is caused by applications passing an insufficiently qualified path when loading an external library. Microsoft has issued guidance to developers in the MSDN article, Dynamic-Link Library Security, on how to correctly use the available application programming interfaces to prevent this class of vulnerability. Microsoft is also actively reaching out to third-party vendors through the Microsoft Vulnerability Research Program to inform them of the mitigations available in the operating system. Microsoft is also actively investigating which of its own applications may be affected. In addition to this guidance, Microsoft is releasing a tool that allows system administrators to mitigate the risk of this new attack vector by altering the library loading behavior system-wide or for specific applications. This advisory describes the functionality of this tool and other actions that customers can take to help protect their systems...
V19.0 (May 13, 2014): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS14-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
:fear: