Original Publication Date: December 17, 2014
Microsoft published its monthly Security Bulletin on December 09, 2014. Seven bulletins were released, addressing a total of 23 vulnerabilities. The bulletins describe vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office and Microsoft Exchange. The vulnerabilities could allow an attacker to execute code remotely, elevate privileges or disclose information.
Cyberoam Threat Research Labs is currently studying the vulnerabilities. The Security Advisory will be updated as additional information becomes available.
The following table provides general information on the vulnerabilities described in the Microsoft Security Bulletins.
Microsoft Security Bulletin
Microsoft Security Bulletin MS14-075
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege
An attacker could host a website that is used to attempt to exploit this vulnerability.
Microsoft Exchange Server
Microsoft Security Bulletin MS14-080
Cumulative Security Update for Internet Explorer
An attacker could post on a website specially crafted content that is designed to exploit this vulnerability. The attacker would then have to convince the user to view the content on the affected website. If the user then browses to the website, the XSS filter disables HTML attributes in the specially crafted content, creating a condition that could allow malicious script to run in the wrong security context, leading to information disclosure.
Microsoft Security Bulletin MS14-081
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution
Microsoft Security Bulletin MS14-082
Vulnerability in Microsoft Office Could Allow Remote Code Execution
A remote code execution vulnerability exists in the context of the current user that is caused when Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
Microsoft Security Bulletin MS14-083
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
An attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file in an affected version of Microsoft Office software.
Microsoft Security Bulletin MS14-084
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution
Microsoft Security Bulletin MS14-085
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure
An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system.
December 17, 2014
Initial public release containing information on the vulnerabilities described in the Microsoft Security Bulletins.