
Microsoft Issues Nine Patches for 37 Bugs

Lucian Ciolacu

August 13, 2014


Microsoft has issued nine patches for 37 issues in Windows, Office, SQL Server, .NET Framework and SharePoint Server, according to the company's August security bulletin.

The patches fix severe vulnerabilities, including remote code execution, privilege escalation and security feature bypass.

“The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” the IE security update (MS14-051) said. “An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”

In total, 26 Internet Explorer flaws were patched, affecting IE 6 through IE 11. Only one of them had been disclosed; the other 25 were undisclosed.

Another remote code execution flaw was found in Windows Media Center that could allow an attacker to gain the same rights as the affected user.

Denial of Service Attack through IPv6 Router Advertisement Vulnerability

.NET Framework didn’t escape patching this time either: a security bypass vulnerability was found, though its details are undisclosed. An attacker could bypass Address Space Layout Randomization (ASLR) via a specially crafted website.

“The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code,” said the MS14-046 security bulletin.

The last critical vulnerabilities are privilege escalation flaws found in the Kernel-Mode Drivers. Exploitation could allow an attacker to escalate privileges if he “logs on to the system and runs a specially crafted application.” In this case, the attacker “must have valid logon credentials and be able to log on locally” to exploit the flaws.

Microsoft Windows users are advised to apply the latest update for their own security. These patched vulnerabilities are rated as severe and their exploitation could be damaging.
