Original Publication Date: 19-08-2014
Microsoft published its monthly Security Bulletin on August 12, 2014. Nine bulletins were released that addressed a total of 34 vulnerabilities. The bulletins described vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Server Software, Microsoft SQL Server and Microsoft .NET Framework. The vulnerabilities could allow an attacker to execute code remotely, elevate privileges, or bypass a security feature.
Cyberoam Threat Research Labs is currently studying the vulnerabilities. The Security Advisory will be updated as additional information becomes available.
The following table provides general information on the vulnerabilities described in the Microsoft Security Bulletins.
Microsoft Security Bulletin
Microsoft Security Bulletin MS14-043
Vulnerability in Windows Media Center Could Allow Remote Code Execution
An attacker could exploit this vulnerability by placing specially crafted Office files on a remote share or by attaching them to an email. When a user double-clicks the specially crafted file from a computer containing Windows Media Center, the malicious code may be able to run.
Microsoft Security Bulletin MS14-044
Vulnerability in SQL Server Could Allow Elevation of Privilege
An attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link. An attacker could also host a website that contains a webpage designed to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.
Microsoft SQL Server
Microsoft Security Bulletin MS14-045
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges.
Microsoft Security Bulletin MS14-046
Vulnerability in .NET Framework Could Allow Security Feature Bypass
An attacker could tie this security feature bypass vulnerability to an additional vulnerability, usually a remote code execution vulnerability. The additional vulnerability would take advantage of the security feature bypass for exploitation. For example, a remote code execution vulnerability that is blocked by ASLR could be exploited after a successful ASLR bypass.
Microsoft Security Bulletin MS14-047
Vulnerability in LRPC Could Allow Security Feature Bypass
Microsoft Security Bulletin MS14-048
Vulnerability in OneNote Could Allow Remote Code Execution
Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft OneNote.
Microsoft OneNote 2007 and Above
Microsoft Security Bulletin MS14-049
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Microsoft Security Bulletin MS14-050
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege
An attacker could create a specially crafted app designed to exploit this vulnerability, and then convince users to install the specially crafted app.
Microsoft Security Bulletin MS14-051
Cumulative Security Update for Internet Explorer
An attacker could host a website that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action.
Microsoft Windows, Internet Explorer
19 August 2014
Initial public release containing information on the vulnerabilities described in the Microsoft Security Bulletins.