Assessing Risk for the October 2014 Security Updates
Today we released eight security bulletins addressing 24 unique CVEs. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max exploitability | Platform mitigations and key notes |
|---|---|---|---|---|
| MS14-058 (Kernel mode drivers [win32k.sys]) | Attacker loads a malicious font on the user’s computer using an Office document or web browser, which results in remote code execution. | Critical | 0 | Exploitation of CVE-2014-4148 and CVE-2014-4113 detected in the wild. CVE-2014-4148 is used for remote code execution. CVE-2014-4113 is used for elevation of privilege. CVE-2014-4113 is not exploitable on 32-bit platforms if the NULL-page mapping mitigation is enabled (configurable on Windows 7, enabled by default on Windows 8 and above). |
| MS14-056 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 0 | Exploitation of CVE-2014-4123 detected in the wild. Used as a sandbox escape. No remote code execution vulnerabilities being addressed in this update are known to be under active attack. |
| MS14-057 (.NET Framework) | An attacker sends malicious data to a vulnerable web application. | Critical | 1 | |
| MS14-060 (Windows OLE Component) | Victim opens a malicious Office document that exploits the vulnerability, resulting in a malicious executable being run. | Important | 0 | Exploitation of CVE-2014-4114 detected in the wild. Using a non-administrator account or setting UAC to “Always Prompt” helps mitigate the impact of this vulnerability. |
| MS14-061 (Word) | Victim opens a malicious Word document. | Important | 1 | |
| MS14-062 (Kernel mode drivers [msmq.sys]) | Attacker running code at low privilege runs an exploit binary to elevate to SYSTEM. | Important | 1 | This vulnerability only affects Windows Server 2003. |
| MS14-063 (Kernel mode drivers [fastfat.sys]) | | Important | 2 | Requires the ability to physically plug a USB stick into the computer. |
| MS14-059 (ASP.NET MVC) | Victim opens a malicious link. | Important | 3 | This is a Cross Site Scripting vulnerability. The XSS Filter, which is enabled by default in IE8-IE11 in the Internet Zone, prevents attempts to exploit this vulnerability. |
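The notes column names three platform mitigations that change how urgently a given machine needs MS14-058, MS14-060 and MS14-059: the NULL-page mapping mitigation, the UAC prompt level (and whether the user is an administrator), and the IE XSS Filter in the Internet Zone. The following read-only audit script is an added example, not part of the MSRC post, for checking those settings on a local machine before deciding deployment order. It assumes the documented UAC values under `Policies\System` (`EnableLUA`, `ConsentPromptBehaviorAdmin` = 2 with `PromptOnSecureDesktop` = 1 for "Always prompt") and IE zone action `1409` (0 = XSS Filter on) in zone 3; the Windows 7 NULL-page registry value `EnableLowVaAccess` is an assumption and should be verified against Microsoft's documentation for your build before the result is relied on.

```powershell
# Added example (not from the MSRC post): read-only audit of the three platform
# mitigations named in the bulletin notes. Nothing is modified.
# ASSUMPTION: the Windows 7 NULL-page mitigation is read from the EnableLowVaAccess
# value under Session Manager\Memory Management (0 = low virtual addresses blocked).
# Verify that value name for your build before relying on the MS14-058 line.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$results = @()

# --- MS14-058 / CVE-2014-4113: NULL-page mapping mitigation ---------------------
# Only relevant on 32-bit. The post states it is on by default from Windows 8
# (NT 6.2) and configurable on Windows 7.
$is64  = [Environment]::Is64BitOperatingSystem
$osVer = [Environment]::OSVersion.Version
$lowVa = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management' 'EnableLowVaAccess'
if ($is64) { $nullPage = 'n/a (64-bit platform)' }
elseif ($osVer -ge [Version]'6.2') { $nullPage = 'enabled by default (Windows 8 or above)' }
elseif ($lowVa -eq 0) { $nullPage = 'enabled (EnableLowVaAccess = 0)' }
else { $nullPage = 'NOT enabled (EnableLowVaAccess absent or non-zero)' }
$results += [PSCustomObject]@{ Bulletin = 'MS14-058'; Mitigation = 'NULL-page mapping mitigation'; Status = $nullPage }

# --- MS14-060 / CVE-2014-4114: UAC "Always Prompt" and non-admin account ---------
# "Always notify" on the UAC slider is ConsentPromptBehaviorAdmin = 2 together with
# PromptOnSecureDesktop = 1. Group Policy may enforce these same values.
$uacPath       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua     = Get-RegValue $uacPath 'EnableLUA'
$consent       = Get-RegValue $uacPath 'ConsentPromptBehaviorAdmin'
$secureDesktop = Get-RegValue $uacPath 'PromptOnSecureDesktop'
if ($enableLua -ne 1) { $uac = 'UAC DISABLED (EnableLUA not 1)' }
elseif ($consent -eq 2 -and $secureDesktop -eq 1) { $uac = 'Always Prompt' }
else { $uac = "not 'Always Prompt' (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secureDesktop)" }
$results += [PSCustomObject]@{ Bulletin = 'MS14-060'; Mitigation = 'UAC prompt level'; Status = $uac }

# Whether the current token is an administrator (elevated or split-token admin).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($isAdmin) { $acct = 'NO (current token holds Administrators)' } else { $acct = 'yes (standard user token)' }
$results += [PSCustomObject]@{ Bulletin = 'MS14-060'; Mitigation = 'Running as non-administrator'; Status = $acct }

# --- MS14-059: IE XSS Filter in the Internet Zone (zone 3) -----------------------
# Zone action 1409: 0 = XSS Filter on, 3 = off. An absent value means the zone
# default applies, which the post says is "enabled" for IE8-IE11.
$zone3 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$xss   = Get-RegValue $zone3 '1409'
if ($null -eq $xss) { $xssStatus = 'enabled (zone default, no override present)' }
elseif ($xss -eq 0) { $xssStatus = 'enabled (1409 = 0)' }
else { $xssStatus = "DISABLED (1409 = $xss)" }
$results += [PSCustomObject]@{ Bulletin = 'MS14-059'; Mitigation = 'IE XSS Filter, Internet Zone'; Status = $xssStatus }

# Summary: any row whose Status starts with "NOT", "NO" or "DISABLED" indicates the
# corresponding bulletin should move up the deployment queue on this machine.
$results | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on each representative build so the HKLM reads succeed; HKCU values reflect the interactive user running the script, so the XSS Filter line should be checked per user profile where zone settings are not enforced by Group Policy.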
- Joe Bialek and Suha Can, MSRC Engineering