Today we released fourteen security bulletins addressing 33 unique CVEs. Four bulletins have a maximum severity rating of Critical, eight have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. This table is designed to help you prioritize the deployment of updates appropriately for your environment.

| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Deployment Priority | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS14-064 (Windows OLE Component) | User opens malicious Office document. | Critical | 0 | 1 | CVE-2014-6352 used in limited, targeted attacks in the wild. |
| MS14-066 (SChannel) | A malicious user sends specially crafted packets to an exposed service. | Critical | 1 | 1 | Internally found during a proactive security assessment. |
| MS14-065 | User browses to a malicious webpage. | Critical | 1 | 1 | |
| MS14-069 | User opens malicious Word document. | Important | 1 | 2 | Office 2010 and later versions are not affected by any of the vulnerabilities in this bulletin. |
| MS14-067 | User browses to a malicious webpage. | Critical | 2 | 2 | Only MSXML 3 is vulnerable. |
| MS14-073 | User opens a malicious link. | Important | 2 | 2 | This is a cross-site scripting vulnerability. |
| MS14-078 (IME) | User opens a malicious PDF document with Adobe Reader. | Moderate | 0 | 3 | CVE-2014-4077 used in one targeted attack in the wild to bypass Adobe Reader Sandbox via binary hijacking using malicious DIC file. |
| MS14-071 (Windows Audio Service) | User browses to a malicious webpage. | Important | 2 | 3 | Local elevation of privilege only, could potentially be utilized as a sandbox escape. |
| MS14-070 (tcpip.sys) | An authenticated Windows user runs a malicious program on the target system. | Important | 2 | 3 | Local elevation of privilege only. |
| MS14-072 (.NET Framework) | Attacker sends malicious data to a vulnerable web application. | Important | 2 | 3 | Applications not using .NET Remoting are not vulnerable. |
| MS14-076 (IIS) | A whitelist-only site could be accessed by an attacker not connected to the proper domain. A blacklist could be similarly bypassed. | Important | 3 | 3 | The vulnerability manifests itself in configurations where the Domain Name Restrictions whitelist and blacklist features are used with entries that contain wildcards. IP Address Restrictions are not affected. |
| MS14-074 (RDP) | An authorization audit log could be bypassed in some scenarios. | Important | 3 | 3 | The vulnerability only applies to failed AuthZ scenarios, and not to failed AuthN. For example, if a valid user logon is attempted for a user that does not have privilege to RDP into a server, that event log may not be recorded. Event logs will still be recorded if an invalid user or password is presented. |
| MS14-077 (ADFS) | An authenticated user could not be logged out in some configurations. | Important | 3 | 3 | Manifests itself in a specific configuration where the ADFS server is configured to use a SAML Relying Party with no sign-out endpoint configured. |
| MS14-079 (Kernel Mode Drivers [win32k.sys]) | User browses to a malicious webpage. | Moderate | 3 | 3 | The vulnerability leads to denial of service only. |

– Suha Can, MSRC Engineering
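
To check whether a server matches the MS14-076 condition in the table (Domain Name Restrictions entries that contain wildcards), the following added example, which is not part of the original post or Microsoft's tooling, scans IIS configuration XML for such rules. It assumes the rules are stored as `<add domainName="..." allowed="..."/>` under `system.webServer/security/ipSecurity`; the sample configuration and site names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an IIS applicationHost.config fragment.
SAMPLE_CONFIG = """\
<configuration>
  <location path="Intranet Site">
    <system.webServer><security>
      <ipSecurity allowUnlisted="false" enableReverseDns="true">
        <add domainName="*.corp.example" allowed="true" />
        <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
      </ipSecurity>
    </security></system.webServer>
  </location>
  <location path="Public Site">
    <system.webServer><security>
      <ipSecurity allowUnlisted="true">
        <add domainName="crawler.bad.example" allowed="false" />
        <add domainName="*.bad.example" allowed="false" />
      </ipSecurity>
    </security></system.webServer>
  </location>
</configuration>
"""

def find_wildcard_domain_rules(config_xml):
    """Return (location, list type, domainName) for each wildcard domain rule."""
    findings = []
    root = ET.fromstring(config_xml)
    # Sections may sit under <location path="..."> or directly under the root.
    scopes = [(loc.get("path", ""), loc) for loc in root.iter("location")]
    scopes.append(("(server level)", root))
    for path, scope in scopes:
        for sec in scope.findall("system.webServer/security/ipSecurity"):
            for rule in sec.findall("add"):
                name = rule.get("domainName", "")
                # IP-only rules carry no domainName and are not affected.
                if "*" in name:
                    allowed = rule.get("allowed", "false").lower() == "true"
                    kind = "whitelist" if allowed else "blacklist"
                    findings.append((path, kind, name))
    return findings

if __name__ == "__main__":
    for path, kind, name in find_wildcard_domain_rules(SAMPLE_CONFIG):
        print(f"{path}: {kind} entry {name!r} relies on wildcard matching")
```

A finding means the site's configuration matches the condition described for MS14-076; it does not indicate whether the update is installed.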