Welcome to the third Microsoft Patch Tuesday of 2014. As the snow slowly starts melting in the Northern Hemisphere, we come to our second-to-last update for Windows XP. This month, all five bulletins affect Windows XP. For those of you who still have Windows XP systems in your environment, I highly recommend you talk to your McAfee sales team about Application Control. Application Control can give your EOL systems protection against an unpatched vulnerability. Moving back to today’s patches, Microsoft has officially released 5 patches addressing 23 individual vulnerabilities.
Of the five releases, two are identified by Microsoft as “critical.” The remaining patches are labeled “important” by Microsoft. This month’s patches are as follows:
- MS14-012 Cumulative Security Update for Internet Explorer (2925418)
- MS14-013 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2929961)
- MS14-014 Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677)
- MS14-015 Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275)
- MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418)
Looking over the patches, I would like to highlight the following two critical updates:
The first update I would like to highlight is one of the critical patches that affects multiple versions of Internet Explorer. This update resolves 18 CVEs in Internet Explorer versions 6-11, of which CVE-2014-0324 has been exploited in the wild, targeting installations of Internet Explorer 8. All 18 are memory corruption vulnerabilities found in IE. With a properly crafted website or phishing email, an adversary may obtain complete remote access with the same privileges as the currently logged-on user. There is no doubt why Microsoft rushed to make this update part of the month’s allotment of patches. Immediate patching should be priority number one on all systems running IE 6-11.
The second critical patch addresses a vulnerability in Microsoft DirectShow that can be remotely triggered by malicious code planted in a specially crafted JPEG image. Instant infection could occur if the attacker places the malicious image on a website or social media outlet. All Windows desktop and Windows Server systems, in addition to Windows RT, are affected and should be patched immediately. This patch should be the top priority of your patching cycle this month.
Aggregate coverage (combining host and network-based countermeasures) is 19 out of 23. McAfee Vulnerability Manager has the ability to scan and detect all 23 vulnerabilities. Specifically, each of the four most critical related vulnerabilities (MS14-012 and MS14-013) is covered by the following McAfee endpoint security software and McAfee Enterprise Firewall:
- BOP (Buffer Overflow Protection w/ VSE)
- App Control
Further research is being performed 24/7 by McAfee Labs and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.