Today we released eight security bulletins addressing 24 unique CVEs. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Platform mitigations and key notes |
| --- | --- | --- | --- | --- |
| MS14-058 (Kernel mode drivers [win32k.sys]) | Attacker loads a malicious font on the user’s computer using an Office document or web browser, which results in remote code execution. | Critical | 0 | Exploitation of CVE-2014-4148 and CVE-2014-4113 detected in the wild. CVE-2014-4148 is used for remote code execution. CVE-2014-4113 is used for elevation of privilege. CVE-2014-4113 is not exploitable on 32-bit platforms if the NULL-page mapping mitigation is enabled (configurable on Windows 7, enabled by default on Windows 8 and above). |
| MS14-056 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 0 | Exploitation of CVE-2014-4123 detected in the wild. Used as a sandbox escape. No remote code execution vulnerabilities being addressed in this update are known to be under active attack. |
| MS14-057 (.NET Framework) | An attacker sends malicious data to a vulnerable web application. | Critical | 1 | |
| MS14-060 (Windows OLE Component) | Victim opens a malicious Office document that exploits the vulnerability, resulting in a malicious executable being run. | Important | 0 | Exploitation of CVE-2014-4114 detected in the wild. Using a non-administrator account or setting UAC to “Always Prompt” helps mitigate the impact of this vulnerability. |
| MS14-061 (Word) | Victim opens a malicious Word document. | Important | 1 | |
| MS14-062 (Kernel mode drivers [msmq.sys]) | Attacker running code at low privilege runs an exploit binary to elevate to SYSTEM. | Important | 1 | This vulnerability only affects Windows Server 2003. |
| MS14-063 (Kernel mode drivers [fastfat.sys]) | | Important | 2 | Requires the ability to physically plug a USB stick into the computer. |
| MS14-059 (ASP.NET MVC) | Victim opens a malicious link. | Important | 3 | This is a Cross-Site Scripting vulnerability. The XSS Filter, which is enabled by default in IE8-IE11 in the Internet Zone, prevents attempts to exploit this vulnerability. |
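The notes column above names three host-side settings that change the exploitability of these bulletins: the NULL-page mapping mitigation (MS14-058 / CVE-2014-4113 on 32-bit systems), UAC at “Always Prompt” with a non-administrator account (MS14-060), and the Internet Explorer XSS Filter in the Internet Zone (MS14-059). The script below is an added example, not part of the MSRC post and not a Microsoft tool; it reads those settings and reports which ones are in their protective state. The registry locations it uses (`EnableLowVaAccess` under Memory Management, `ConsentPromptBehaviorAdmin`/`EnableLUA` under the UAC policy key, and zone value `1409` for the XSS Filter) are taken from Microsoft documentation as the author of this example understands it and should be treated as assumptions to verify against your own baseline; the Windows 8 default for the NULL-page mitigation is taken from the table above.

```powershell
# Added example: audit the three mitigations referenced in the October 2014 bulletin table.
# Run from an elevated PowerShell prompt on the host being assessed. Registry paths and
# value semantics below are assumptions based on Microsoft documentation, not from the post.

$results = @()

# --- 1. NULL-page mapping mitigation (MS14-058, CVE-2014-4113 on 32-bit) ---------------
# Windows 8 and later block mapping of the low virtual address range by default.
# On Windows 7 the behaviour is assumed to follow EnableLowVaAccess (0 = low VA blocked).
$os = [Environment]::OSVersion.Version
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$lowVa = (Get-ItemProperty -Path $mmKey -Name 'EnableLowVaAccess' -ErrorAction SilentlyContinue).EnableLowVaAccess
if ($os -ge [Version]'6.2') {
    $nullPageOk = $true
    $nullPageDetail = 'Windows 8 or later: blocked by default'
} elseif ($lowVa -eq 0) {
    $nullPageOk = $true
    $nullPageDetail = 'EnableLowVaAccess = 0'
} else {
    $nullPageOk = $false
    $nullPageDetail = 'EnableLowVaAccess missing or non-zero (only matters on 32-bit)'
}
$results += [pscustomobject]@{ Mitigation = 'NULL-page mapping blocked'; Protective = $nullPageOk; Detail = $nullPageDetail }

# --- 2. UAC "Always Prompt" and non-admin session (MS14-060) ---------------------------
# Assumed meaning: EnableLUA = 1 turns UAC on; ConsentPromptBehaviorAdmin = 2 is the
# "Always notify" (prompt for consent on the secure desktop) level.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue
$uacAlways = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -eq 2)
$results += [pscustomobject]@{ Mitigation = 'UAC set to Always Prompt'; Protective = $uacAlways; Detail = "EnableLUA=$($uac.EnableLUA) ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin)" }

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$results += [pscustomobject]@{ Mitigation = 'Running as non-administrator'; Protective = (-not $isAdmin); Detail = $identity.Name }

# --- 3. IE XSS Filter in the Internet Zone (MS14-059) -----------------------------------
# Zone 3 is the Internet Zone. Value 1409 is assumed to be "Turn on XSS Filter":
# 0 = enabled, 3 = disabled; when the value is absent IE8+ applies its default (enabled).
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$xss = (Get-ItemProperty -Path $zoneKey -Name '1409' -ErrorAction SilentlyContinue).'1409'
$xssOn = ($null -eq $xss) -or ($xss -eq 0)
$xssDetail = if ($null -eq $xss) { '1409 not set (IE default: enabled)' } else { "1409 = $xss" }
$results += [pscustomobject]@{ Mitigation = 'IE XSS Filter on (Internet Zone)'; Protective = $xssOn; Detail = $xssDetail }

# --- Report -----------------------------------------------------------------------------
$results | Format-Table -AutoSize

# Non-zero exit when any mitigation is not in its protective state, so the script can be
# used from a scheduled compliance job.
if ($results | Where-Object { -not $_.Protective }) { exit 1 } else { exit 0 }
```

Two caveats when reading the output: the NULL-page check is only meaningful for the 32-bit CVE-2014-4113 case the table calls out, and the XSS Filter check reads the current user's zone settings, so a machine-wide policy (HKLM) that overrides them would need a second lookup. Neither check replaces installing the bulletins themselves.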
– Joe Bialek and Suha Can, MSRC Engineering