Another Update Tuesday has arrived, this time bringing nine bulletins covering a total of 37 CVEs. Two bulletins are marked critical, one for Media Center and the other for Internet Explorer, while the rest are marked "important".
MS14-043 covers Media Center and fixes a single use-after-free vulnerability (CVE-2014-4060). This vulnerability could allow remote code execution if a user opens a malicious Office file using Windows Media Center. It affects both Windows 7 and 8.
The second critical bulletin is the IE bulletin (MS14-051), providing fixes for a total of 26 CVEs. As usual, most of the fixes are for use-after-free vulnerabilities. One of the vulnerabilities being fixed, CVE-2014-2817, is currently being attacked in the wild.
The rest of the bulletins are marked as important and cover a range of software:
MS14-044 fixes CVE-2014-4061 and CVE-2014-1820 in SQL Server. Respectively, these could allow a Denial of Service attack due to a stack overrun, or an Elevation of Privilege due to an XSS if a user visits a malicious website.
The next bulletin (MS14-045) deals with Windows kernel-mode drivers and resolves two vulnerabilities that could result in an escalation of privilege (CVE-2014-0318 and CVE-2014-1819) and one information disclosure vulnerability (CVE-2014-4064). One of the EOP vulnerabilities is the result of a double fetch relating to a font (CVE-2014-1819), allowing an attacker who provides a malicious font to gain privileges. All three vulnerabilities are classified as having a low chance of being exploited.
.NET (MS14-046) suffers from a vulnerability that could allow an attacker to bypass ASLR (CVE-2014-4062), though the use of EMET lowers the risk of a potential attack. Similarly, an ASLR bypass (CVE-2014-0362) exists in LRPC (MS14-047) but is considered to be hard to exploit.
After last month’s bulletin that fixed a vulnerability in Windows Journal (MS14-038), Microsoft is now fixing a vulnerability in their other note-taking application OneNote 2007 (MS14-048). An attacker could achieve remote code execution when exploiting this vulnerability (CVE-2014-2815). As was the case in last month’s bulletin, the vulnerability occurs when a user opens a specially crafted file.
MS14-049 handles a single vulnerability in Windows Installer (CVE-2014-1814) that could allow for an Elevation of Privileges.
The final bulletin for this month is MS14-050, which fixes CVE-2014-2816 in SharePoint. This vulnerability could allow for Elevation of Privileges when exploited. To exploit it, attackers would have to get the user to install a malicious app, which would then allow them to access the SharePoint site as that user.
Talos is providing the following SIDs to address these issues: SID 31619-31622, 31625-31630, 31634-31635.