
AUGUST 2014

 

Bulletin ID

Bulletin Title and Executive Summary

Maximum Severity Rating and Vulnerability Impact

Restart Requirement

Affected Software

MS14-051

Cumulative Security Update for Internet Explorer (2976627) 

This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Critical 
Remote Code Execution

Requires restart

Microsoft Windows, Internet Explorer

MS14-043

Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) 

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that invokes Windows Media Center resources. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Critical 
Remote Code Execution

May require restart

Microsoft Windows

MS14-048

Vulnerability in OneNote Could Allow Remote Code Execution (2977201) 

This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft OneNote. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Important 
Remote Code Execution

May require restart

Microsoft Office

MS14-044

Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) 

This security update resolves two privately reported vulnerabilities in Microsoft SQL Server (one in SQL Server Master Data Services and the other in the SQL Server relational database management system). The more severe of these vulnerabilities, affecting SQL Server Master Data Services, could allow elevation of privilege if a user visits a specially crafted website that injects a client-side script into the user's instance of Internet Explorer. In all cases, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website, or by getting them to open an attachment sent through email.

Important 
Elevation of Privilege

May require restart

Microsoft SQL Server

MS14-045

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)

This security update resolves three privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

Important 
Elevation of Privilege

Requires restart

Microsoft Windows

MS14-049

Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490) 

This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Important 
Elevation of Privilege

May require restart

Microsoft Windows

MS14-050

Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202) 

This security update resolves one privately reported vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could use a specially crafted app to run arbitrary JavaScript in the context of the user on the current SharePoint site.

Important 
Elevation of Privilege

May require restart

Microsoft Server Software

MS14-046

Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) 

This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.

Important 
Security Feature Bypass

May require restart

Microsoft Windows, Microsoft .NET Framework

MS14-047

Vulnerability in LRPC Could Allow Security Feature Bypass (2978668) 

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker uses the vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that takes advantage of the ASLR bypass to run arbitrary code.

Important 
Security Feature Bypass

Requires restart

Microsoft Windows