Assessing Risk for the October 2014 Security Updates

Security Research & Defense / By / June 20, 2019

Today we released eight security bulletins addressing 24 unique CVE’s. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.

Bulletin

Most likely attack vector

Max Bulletin Severity

Max exploitability

Platform mitigations and key notes

MS14-058

(Kernel mode drivers [win32k.sys])

Attacker loads a malicious font on the user’s computer using an Office document or web browser which results in remote code execution.

Critical

0

Exploitation of CVE-2014-4148 and CVE-2014-4113 detected in the wild.  CVE-2014-4148 is used for remote code execution. CVE-2014-4113 is used for elevation of privilege.

 CVE-2014-4113 is not exploitable on 32bit platforms if NULL-page mapping mitigation is enabled (configurable on Windows 7, enabled by default on Windows 8 an above).

MS14-056

(Internet Explorer)

Victim browses to a malicious webpage.

Critical

0

Exploitation of CVE-2014-4123 detected in the wild. Used as a sandbox escape.

No remote code execution vulnerabilities being addressed in this update are known to be under active attack.

MS14-057

(.NET Framework)

An attacker sends malicious data to a vulnerable web application.

Critical

1

MS14-060

(Windows OLE Component)

Victim opens malicious Office document that exploits the vulnerability resulting in a malicious executable being run.

Important

0

Exploitation of CVE-2014-4114 detected in the wild.

 Using a non-administrator account or setting UAC to “Always Prompt” helps mitigate the impact of this vulnerability.

MS14-061

(Word)

Victim opens a malicious Word document.

Important

1

 

MS14-062

(Kernel mode drivers [msmq.sys])

Attacker running code at low privilege runs exploit binary to elevate to SYSTEM.

Important

1

This vulnerability only affects Windows Server 2003.

MS14-063

(Kernel mode drivers [fastfat.sys])

Important

2

 

Requires the ability to physically plug a USB stick in to the computer.

MS14-059

(ASP.NET MVC)

Victim opens a malicious link

Important

3

This is a Cross Site Scripting vulnerability. The XSS Filter, which is enabled by default in IE8-IE11 in the Internet Zone, prevents attempts to exploit this vulnerability.

 

– Joe Bialek and Suha Can, MSRC Engineering