Microsoft Patches OLE Zero Day, Recommends EMET 5.1 Before Applying IE ...


by Michael Mimoso Follow @mike_mimoso


A busy Microsoft Patch Tuesday arrived today with an extra sense of urgency and a complication.


Among 14 bulletins, four of which are rated critical by Microsoft, is a patch for the OLE zero-day vulnerability being used in a number of targeted attacks. The zero-day is being spread via email messages containing malicious Office file attachments. The disclosure, the second against OLE since Oct. 14, was partially addressed when Microsoft issued a FixIt tool as a temporary mitigation.


Related Posts

The OLE vulnerability affected all supported releases of Windows and allowed attackers to remotely control infected computers and execute code. The announcement followed a report by iSIGHT Partners revealing that the Sandworm APT group was exploiting another hole in OLE to attack government agencies and energy utilities.


OLE, or Microsoft Windows Object Linking and Embedding, allows for embedding and linking to documents and other objects.


MS14-064 addresses both vulnerabilities in question, CVE-2014-6332 and CVE-2014-6352. The first CVE occurs when Internet Explorer improperly access objects in memory, Microsoft said. The second patch modifies the way Windows validates the use of memory when OLE objects are accessed, Microsoft said.


The use of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) was also recommended as a temporary stopgap. Microsoft on Monday released EMET 5.1, and updated a number of the mitigations available, including the resolution of a race condition in the Mandatory ASLR mitigation and the hardening of several other mitigations against reported bypasses.


The most important updates, however, have to do with compatibility with a number of ubiquitous applications, including Internet Explorer, Adobe Reader and Flash, and Mozilla Firefox.


In fact, Microsoft recommends that EMET 5.0 users upgrade to 5.1 immediately before proceeding with the application of today's patches.


'If you are using Internet Explorer 11, either on Windows 7 or Windows 8.1, and have deployed EMET 5.0, it is particularly important to install EMET 5.1 as compatibility issues were discovered with the November Internet Explorer security update and the EAF+ mitigation,' Microsoft said in an advisory. 'Alternatively, you can temporarily disable EAF+ on EMET 5.0.'


As is becoming the norm, Microsoft also released a cumulative update for IE. Today's bulletin, MS14-065, patches 17 vulnerabilities, many of which allow remote code execution. The update is rated critical going back to IE 6.


'The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, by adding additional permission validations to Internet Explorer, and by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature,' Microsoft said.


Microsoft also patched a remote code execution vulnerability in Microsoft Secure Channel, or Schannel, a Windows encryption security package used for SSL and TLS connections. MS14-066 patches an issue in the way Schannel processes specially crafted packets, Microsoft said.


'The fixes in this bulletin are the result of an internal code review at Microsoft that uncovered a number of memory corruption issues in Schannel in both server and client roles,' said Qualys CTO Wolfgang Kandek. 'The vulnerabilities are private as they were found by Microsoft internally and while Microsoft considers it technically challenging to code an exploit it is only a matter of time and resources, it is prudent to install this bulletin in your next patch cycle.'


MS14-067 is the final bulletin ranked critical by Microsoft. The vulnerability can be exploited by a malicious website designed to invoke Microsoft XML Core Services through IE, Microsoft said. MSXML improperly parses XML content, which can then in turn corrupt the system state and enable remote code execution, Microsoft said.


One bulletin rated important by Microsoft is MS14-069, which patches vulnerabilities in Microsoft Word 2007 and allows for remote code execution. Because it's limited to Office 2007 and cannot be automatically exploited remotely and requires user action, Microsoft rated it important.


'The attack scenario here is a malicious document that the attacker prepares to exploit the vulnerability. Attackers then send the document directly or a link to their targets and use social engineering techniques, such as legitimate sounding file names and content descriptions that are likely interest the targets in question,' Kandek said. 'If you run newer versions of Microsoft Office you are not vulnerable, but users of Office 2007 should place high priority on this bulletin.'


The remaining bulletins are all rated important by Microsoft:


MS14-070 is an elevation of privilege vulnerability in TCP/IP MS14-071 is an elevation of privilege vulnerability in Windows Audio Service MS14-072 is an elevation of privilege vulnerability in the .NET framework MS14-073 is an elevation of privilege vulnerability in SharePoint Foundation MS14-074 is a security feature bypass in Remote Desktop Protocol MS14-076 is a security feature bypass in Internet Information Services MS14-077 is an information disclosure vulnerability in Active Directory Federation Services MS14-078 is an elevation of privilege vulnerability in IME (Japanese)

Comments

Post a Comment

Popular posts from this blog

5 Reasons iPhone 6 Won't Be Popular

Image
The majority of users are waiting for the next smartphone from Apple - iPhone 6 – this year. Unfortunately, the hype around iPhone began to gradually subside with each passing year after the 4th model launched. Therefore, it is possible that the sixth iPhone model of  will not be nearly as popular as it was in the beginning. Global audience perceived iPhone 4S and iPhone 5 much cooler than its early models New iPhones will not cause that “wow”-effect, which was in the beginning, when Steve Jobs' presentations caused a delight and admiration of every new Apple gadget. Some leaked photos of iPhone 5S prototype show that it does not differ from its predecessor at all. Therefore, all hopes for something radically new in design and features are laid on iPhone 6. And if Apple is no longer holds its standards, that seem to be a little bit old-fashioned already, it is unlikely that iPhone 6 will be interesting for people next year. 5 main reasons can be found to think like
Read more

Eset nod32 ativirus 6 free usernames and passwords

Image
                              Hi friends,after little long time I'm going to write again about eset nod 32 antivirus.As I told in previous post if you are user on windows 8 Eset nod 32 is the best antivirus for your personal computer.the latest product eset nod 32 antivirus 6 has special features with 100% really working.Not need to purchase full version from buying it.Download the eset nod 32 trial version and activate your est antivirus from below updated usernames and passwords. Firstly I would like to tell something about est nod32 antivirus 6. The latest product having: Eset smarter scan  Scan while downloading something Anti-Theft Idle-state scanning Clean and safe E-mail Removable media security system tools         Download Eset nod32 antivirus 6 Trial version Here     After downloading Eset nod32 Antivirus activate it using below usernames and passwords. Username: EAV-30326836                                       Password: ccka4dvsuv Expire: 16-10-2013 Username:EAV-79084
Read more

Apple's self

USA TODAY Apple's self-driving car racing toward reality, report saysUSA TODAYSAN FRANCISCO - Apple's self-driving car effort, code-named Project Titan , is more reality than rumor, according to documents obtained by the British newspaper The Guardian. Engineers working for the Cupertino-based tech hardware giant met in May with ...Apple Is Getting Closer to a Self-Driving CarTIMEApple is reportedly looking at places to test its self-driving carThe VergeApple eyes former naval base in California to test 'Project Titan' self ...Apple InsiderThe Independent -Business Insider -Cult of Macall 10 news articles »
Read more