Monthly Security Bulletin Briefing
CSS Security Worldwide Programs
August 2014
• Teresa Ghiorzoe, Security Program Manager - GBS LATAM
• Daniel Mauser, Senior Technical Lead - LATAM CTS
Security Blog: http://blogs.technet.com/b/risco/
Twitter: LATAMSRC
Email: [email protected]
Security Bulletin Release Overview, August 2014
New Security Bulletins: 9 (Critical: 2, Important: 7)
Rereleased Security Bulletins: 1
Rereleased Security Advisories: 1
Other content
• Product Support Lifecycle Info
Appendix
• Public Webcast Details
• Manageability Tools Reference
• Related Resources
Security Bulletin Release Overview, August 2014
Bulletin | Impact | Component | Severity | Priority | Exploit Index | Publicly Known | Publicly Exploited
MS14-043 | Remote Code Execution | Media Center | Critical | 1 | 2 | No | No
MS14-044 | Elevation of Privilege | SQL | Important | 3 | 2 | No | No
MS14-045 | Elevation of Privilege | KMD | Important | 2 | 2 | No | No
MS14-046 | Security Bypass | .NET | Important | 2 | 2 | No | No
MS14-047 | Security Bypass | RPC | Important | 2 | 3 | No | No
MS14-048 | Remote Code Execution | OneNote | Important | 1 | 2 | No | No
MS14-049 | Elevation of Privilege | Windows Installer | Important | 3 | 2 | No | No
MS14-050 | Elevation of Privilege | SharePoint | Important | 3 | 2 | No | No
MS14-051 | Remote Code Execution | IE | Critical | 1 | 0 | Yes | Yes
Exploitability Index: 0 – Exploit Detected | 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected
MS14-043 Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
Severity | Critical
Affected Software
• Windows Vista
• Windows 7
• Windows 8, Windows 8.1
Only Windows Media Center TV Pack for Windows Vista is affected. This was an OEM-only version of Windows Vista.
Deployment Priority | 1
Update Replacement | None
More Information and / or Known Issues | None
Restart Requirement
• A restart may be required
Uninstall Support
• Use the Add or Remove Programs Control Panel applet.
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Exploitability Index (XI): 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected
DoS Rating: T - Temporary (DoS ends when attack ceases) | P - Permanent (Administrative action required to recover) | * - Not Applicable
Vulnerability Details
• A remote code execution vulnerability exists in Windows Media Center, which could be exploited by convincing a user to open a specially crafted Microsoft Office file that invokes a COM object (CSyncBasePlayer).
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-4060 | Critical | Remote Code Execution | 2 | 2 | * | No | No | None
Attack Vectors
• Email: an attacker could exploit the vulnerability by sending a specially crafted Office file to the user and by convincing the user to open the file.
• Attacker places specially crafted Office file on a remote share and convinces user to open the file from that location.
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
MS14-044 Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
Severity | Important
Affected Software
• SQL Server 2008
• SQL Server 2008 R2
• SQL Server 2012
• SQL Server 2014 x64
Master Data Services (MDS) is the SQL Server solution for master data management. Master data management (MDM) describes the efforts made by an organization to discover and define non-transactional lists of data, with the goal of compiling maintainable master lists.
Deployment Priority | 3
Update Replacement | MS12-070 or None
More Information and / or Known Issues | Minor versioning issues, see KB2977326
Restart Requirement
• A server restart may be required. SQL instance will need to be restarted.
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Vulnerability Details
• An XSS vulnerability exists in SQL Master Data Services (MDS) that could allow an attacker to inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the site on behalf of the targeted user.
• A denial of service vulnerability exists in SQL Server. An attacker who successfully exploited this vulnerability could cause the server to stop responding until a manual reboot is initiated.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-1820 | Important | Elevation of Privilege | 2 | NA | * | No | No | None
CVE-2014-4061 | Important | Denial of Service | 3 | 3 | P | No | No | None
Attack Vector
• CVE-2014-1820: Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
• CVE-2014-4061: Attacker sends specially crafted T-SQL statement to SQL server
Mitigations
• CVE-2014-1820: Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• CVE-2014-1820: XSS filter prevents attack from sites in Internet Zone
• CVE-2014-4061: no mitigations
Workarounds
• CVE-2014-1820: Enable XSS filter in Intranet zone as well (default is Internet zone only)
• CVE-2014-4061: no workarounds
MS14-045 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
Severity | Important
Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1
Deployment Priority | 2
Update Replacement | MS14-015, MS13-081, MS14-039, MS13-046, MS14-036
More Information and / or Known Issues | Yes – see below and appendix
Restart Requirement
• Restart required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Fonts installed to a location other than the default directory cannot be modified when they are loaded into any active session. See KB2982791 for details.
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles window handle thread-owned objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
• An elevation of privilege vulnerability exists in the way that the affected component handles objects from specially crafted font files. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
• An information disclosure vulnerability exists in the way Windows kernel memory is managed. An attacker who successfully exploited this vulnerability could use it to disclose memory addresses or other sensitive kernel information.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-0318 | Important | Elevation of Privilege | 3 | 3 | P | No | No | None
CVE-2014-1819 | Important | Elevation of Privilege | 2 | 2 | P | No | No | None
CVE-2014-4064 | Important | Information Disclosure | 3 | 3 | * | No | No | None
Attack Vectors
An attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Mitigations
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Workarounds
Microsoft has not identified any workarounds for these vulnerabilities.
MS14-046 Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
Severity | Important
Affected Software
• Microsoft .NET Framework 2.0 SP2
• Microsoft .NET Framework 3.0 SP2
• Microsoft .NET Framework 3.5
• Microsoft .NET Framework 3.5.1
On all supported editions of:
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
.NET Framework 1.1 is also vulnerable but it is infeasible to build a fix since Windows Server 2003 does not support ASLR architecture needed to address the issue.
Deployment Priority | 2
Update Replacement | See Bulletin
More Information and / or Known Issues | None
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Vulnerability Details
• A security feature bypass vulnerability exists in the Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-4062 | Important | Security Feature Bypass | NA | 2 | * | No | No | No
Attack Vectors
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Mitigations
EMET 4.1 and 5.0 are effective against these attacks
Workarounds
Install the Force ASLR feature hotfix and enable the IFEO registry entry. See KB2639308.
MS14-047 Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
Severity | Important
Affected Software
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1
Deployment Priority | 2
Update Replacement | MS13-062
More Information and / or Known Issues | None
Restart Requirement
• A restart is required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store
Vulnerability Details
• A security feature bypass vulnerability exists in Microsoft Remote Procedure Call (LRPC). The problem is that an LRPC server may leak the message it receives from the client if the message is of a specific type and has a data view attached (which is not expected for messages of the type). RPC considers this an error and returns, but does not free the message. This allows the client to fill up the address space of the server with such messages.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-0316 | Important | Security Feature Bypass | 3 | 3 | P | No | No | No
Attack Vectors
An attacker could tie this security feature bypass vulnerability to an additional vulnerability, usually a remote code execution vulnerability.
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any
workarounds for this vulnerability.
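The leak-on-error pattern described in the MS14-047 vulnerability details, reduced to a toy C model as an added example (it is not Microsoft's RPC code and not part of the original briefing; the message types, struct and function names are hypothetical). It compares a handler that returns on the error without releasing the message with one that releases on every path, and reports the bytes the server still holds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Toy model only: these types and names are hypothetical, not Windows RPC code. */
enum msg_type { MSG_REQUEST = 1, MSG_CONTROL = 2 };  /* MSG_CONTROL must not carry a view */

struct msg {
    enum msg_type type;
    void  *view;        /* optional attached data view */
    size_t view_len;
    struct msg *next;   /* link in the server's list of live messages */
};

static struct msg *live_list;  /* every message the server currently owns */
static size_t live_bytes;      /* bytes held by those messages */

/* Server-side receive: from here on the server owns the message and its view. */
static struct msg *receive_msg(enum msg_type type, size_t view_len)
{
    struct msg *m = calloc(1, sizeof *m);
    if (m == NULL)
        return NULL;
    m->type = type;
    if (view_len > 0) {
        m->view = malloc(view_len);
        if (m->view == NULL) {
            free(m);
            return NULL;
        }
        m->view_len = view_len;
    }
    m->next = live_list;
    live_list = m;
    live_bytes += sizeof *m + m->view_len;
    return m;
}

/* Unlink the message from the live list and free it together with its view. */
static void release_msg(struct msg *m)
{
    struct msg **pp = &live_list;
    while (*pp != NULL && *pp != m)
        pp = &(*pp)->next;
    if (*pp == m)
        *pp = m->next;
    live_bytes -= sizeof *m + m->view_len;
    free(m->view);
    free(m);
}

/* Flawed pattern: the unexpected view is treated as an error and the handler
 * returns, but the message it owns is never released. */
int handle_leaky(struct msg *m)
{
    if (m->type == MSG_CONTROL && m->view != NULL)
        return -1;                 /* BUG: early return skips release_msg() */
    release_msg(m);
    return 0;
}

/* Hardened form: a single exit path, so every outcome releases the message. */
int handle_fixed(struct msg *m)
{
    int rc = 0;
    if (m->type == MSG_CONTROL && m->view != NULL)
        rc = -1;                   /* still rejected, but falls through to cleanup */
    release_msg(m);
    return rc;
}

/* Feed n constructed messages to a handler and report what the server retains. */
size_t bytes_retained(int (*handler)(struct msg *), enum msg_type type,
                      int n, size_t view_len)
{
    size_t retained;
    for (int i = 0; i < n; i++) {
        struct msg *m = receive_msg(type, view_len);
        if (m == NULL)
            break;
        handler(m);
    }
    retained = live_bytes;
    while (live_list != NULL)      /* harness cleanup so the demo itself leaks nothing */
        release_msg(live_list);
    return retained;
}

int main(void)
{
    printf("leaky handler retains %zu bytes\n",
           bytes_retained(handle_leaky, MSG_CONTROL, 1000, 4096));
    printf("fixed handler retains %zu bytes\n",
           bytes_retained(handle_fixed, MSG_CONTROL, 1000, 4096));
    return 0;
}
```

The retained byte count grows linearly with the number of rejected messages in the leaky handler, which is why a review of error paths for ownership of received buffers is the relevant check for this class of bug.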
MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
Severity | Important
Affected Software
• Microsoft OneNote 2007
OneNote 2010 and 2013 are not affected
Deployment Priority | 1
Update Replacement | MS08-055
More Information and / or Known Issues | None
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Vulnerability Details
• A remote code execution vulnerability exists in the way that Microsoft OneNote parses specially crafted files. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-2815 | Important | Remote Code Execution | NA | 2 | * | No | No | No
Attack Vectors
• Email: an attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file in an affected version of Microsoft OneNote.
• Web: Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Mitigations
• Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• The vulnerability cannot be exploited automatically through email
• Exploitation only gains the same user rights as the logged-on account.
Workarounds
• Do not open OneNote files that you receive from untrusted sources or that you receive unexpectedly from trusted sources.
MS14-049 Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
Severity | Important
Affected Software
• Windows Server 2003
• Windows Vista
• Windows Server 2008
• Windows 7
• Windows Server 2008 R2
• Windows 8 and 8.1
• Windows Server 2012 and 2012 R2
• Windows RT and RT 8.1
Deployment Priority | 3
Update Replacement | MS10-100
More Information and / or Known Issues | None
Restart Requirement
• A restart may be required
Uninstall Support
• Use Add or Remove Programs in Control Panel
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store
Vulnerability Details
• An elevation of privilege vulnerability exists when the Windows Installer service improperly handles the repair of a previously installed application. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-1814 | Important | Elevation of Privilege | 2 | 2 | * | No | No | No
Attack Vectors
Attacker runs a specially crafted application that could exploit the vulnerability and take complete control over the affected system.
Mitigations
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
MS14-050 Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
Severity | Important
Affected Software
• Microsoft SharePoint Server 2013
• Microsoft SharePoint Foundation 2013
Deployment Priority | 3
Update Replacement | MS14-022
More Information and / or Known Issues | Yes – see below and appendix
Restart Requirement
• A restart may be required
Uninstall Support
This security update cannot be uninstalled.
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
No | Yes | Yes | Yes | Yes | Yes
Some Apps for SharePoint may need to be modified. See KB2880994 for details. Developers of affected apps have been notified.
Vulnerability Details
• An elevation of privilege vulnerability exists in SharePoint Server. An attacker could convince an authenticated user to install an App for SharePoint that leverages the vulnerability. When the App for SharePoint is run, arbitrary code could be executed in the security context of the logged-on user.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
CVE-2014-2816 | Important | Elevation of Privilege | 2 | NA | * | No | No | None
Attack Vectors
An attacker could create a specially crafted app designed to exploit this vulnerability, and then convince users to install the specially crafted app.
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Evaluate apps and remove apps that originated from untrusted sources.
MS14-051 Cumulative Security Update for Internet Explorer (2976627)
Severity | Critical
Affected Software
• Internet Explorer 6 on Windows Server 2003
• Internet Explorer 7 on Windows Server 2003, Windows Vista, and Windows Server 2008.
• Internet Explorer 8 on Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
• Internet Explorer 9 on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
• Internet Explorer 10 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
• Internet Explorer 11 on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
Deployment Priority | 1
Update Replacement | MS14-037
More Information and / or Known Issues | Yes – see below and appendix
Restart Requirement
• A restart is required
Uninstall Support
• Use the Add or Remove Programs Control Panel applet
Detection and Deployment
WU | MU | MBSA | WSUS | ITMU | SCCM
Yes | Yes | Yes | Yes | Yes | Yes
New feature: out-of-date ActiveX control blocking. See KB2991000 and IE blog post for details:
http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx
Note: Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
Vulnerability Details
• Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
• Multiple elevation of privilege vulnerabilities exist in Internet Explorer. An attacker who successfully exploited these vulnerabilities could elevate privileges in affected versions of Internet Explorer.
CVE | Severity | Impact | XI Latest | XI Legacy | DoS | Public | Exploited | Advisory
Multiple | Critical | Remote Code Execution | 1 | 1 | * | No | No | No
CVE-2014-2817 | Important | Elevation of Privilege | 0 | 0 | * | No | Yes | No
CVE-2014-2819 | Important | Elevation of Privilege | 1 | 1 | * | Yes | No | No
Attack Vectors
• Attacker hosts a malicious website utilizing the vulnerability, then convinces users to visit the site.
• Attacker takes advantage of compromised websites and/or sites hosting ads from other providers.
Mitigations
• Attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by getting them to open an attachment sent through email. No way for attacker to force user to view malicious content.
• Exploitation only gains the same user rights as the logged-on account.
• By default, all Microsoft email clients open HTML email messages in the Restricted Sites zone.
• By default, Internet Explorer runs in Enhanced Security Configuration mode for all Windows Servers.
Workarounds
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
• Add sites that you trust to the Internet Explorer Trusted sites zone.
• CVE-2014-2817 and 2819 - Microsoft has not identified any workarounds for these vulnerabilities.
MS14-036 Vulnerabilities in Microsoft Graphics Component
Could Allow Remote Code Execution (2967487)
Rereleased
Security Bulletin
What Has Changed?
Microsoft rereleased this bulletin to announce the offering of update 2881071 on Microsoft
Office 2010 Service Pack 1 and Microsoft Office 2010 Service Pack 2. Update 2881071 replaces
update 2767915, and addresses an issue in update 2767915 that caused the update to fail or
only partially install on some specific editions of Microsoft Office 2010. Customers who already
installed the original update will be offered the 2881071 update and are encouraged to apply
it at the earliest opportunity.
Executive Summary
This security update resolves two privately reported vulnerabilities in Microsoft Windows,
Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a
user opens a specially crafted file or webpage. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who operate with
administrative user rights.
Recommendations
Customers who already installed the original update will be offered the 2881071 update and
are encouraged to apply it at the earliest opportunity. Most customers have automatic
updating enabled and will not need to take any action because this security update will be
downloaded and installed automatically. Customers who have not enabled automatic
updating need to check for updates and install this update manually. For information about
specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
More Information https://technet.microsoft.com/en-us/library/security/ms14-036.aspx
(2755801) Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
Rereleased
Security
Advisory
What Has Changed?
Microsoft updated this advisory to announce the availability of a new update for Adobe Flash
Player. On August 12, 2014, Microsoft released an update (2982794) for Internet Explorer 10
on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on
Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the
vulnerabilities described in Adobe Security bulletin APSB14-18. For more information about
this update, including download links, see Microsoft Knowledge Base Article 2982794.
Executive Summary
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet
Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT,
Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the
vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained
within Internet Explorer 10 and Internet Explorer 11.
Recommendations
Microsoft recommends that customers apply the current update immediately using update
management software, or by checking for updates using the Microsoft Update service. Since
the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.
More Information http://technet.microsoft.com/library/2755801
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update
August 2014
Update for
Windows 8.1
Executive Summary
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update is a cumulative update that
includes all previous released security updates and nonsecurity updates. In addition to previous
updates, it includes improvements such as improved Internet Explorer 11 compatibility for enterprise
applications, usability improvements, extended mobile device management and improved hardware
support. Additionally, this update enables Windows Server 2012 to support clustering configurations for
hosts.
Important All future security and nonsecurity updates for Windows RT 8.1, Windows 8.1, and
Windows Server 2012 R2 require this update to be installed. We recommend that you install this
update on your Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2-based computer in order
to receive continued future updates.
Recommendations
This update is provided as an important update. If you select the Install updates automatically
(recommended) Windows Update setting, this update is installed automatically. If you select other
Windows Update settings, we highly recommend that you install this update through Windows Update
immediately.
Important Starting this month – August, any update applicable to Windows 8.1/Server 2012 R2 will
require 2919355.
More Information
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update May 2014
http://support.microsoft.com/kb/2919355
Information for IT Professionals
http://blogs.windows.com/windows/b/springboard/archive/2014/04/02/windows-8-1-update-the-it-pro-perspective.aspx
http://blogs.windows.com/windows/b/springboard/archive/2014/04/16/windows-8-1-update-and-wsus-availability-and-adjusted-timeline.aspx
Support Lifecycle: Product Families and Service Packs Reaching End of Support
Product Families
• Nothing scheduled to enter Extended Support in August
Service Packs
• No Service Packs expiring in August
• October: Office 2010 SP1, Project 2010 SP1, SharePoint Server 2010 SP1, Visio 2010 SP1
More Information
• Microsoft Support Lifecycle information: http://support.microsoft.com/lifecycle/
Security Bulletin Summary, August 2014
Bulletin | Bulletin title | Severity | Priority
MS14-043 | Vulnerability in Windows Media Center Could Allow Remote Code Execution | Critical | 1
MS14-044 | Vulnerabilities in SQL Server Could Allow Elevation of Privilege | Important | 3
MS14-045 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege | Important | 2
MS14-046 | Vulnerability in .NET Framework Could Allow Security Feature Bypass | Important | 2
MS14-047 | Vulnerability in LRPC Could Allow Security Feature Bypass | Important | 2
MS14-048 | Vulnerability in OneNote Could Allow Remote Code Execution | Important | 1
MS14-049 | Vulnerability in Windows Installer Service Could Allow Elevation of Privilege | Important | 3
MS14-050 | Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege | Important | 3
MS14-051 | Cumulative Security Update for Internet Explorer | Critical | 1
Appendix
Related Resources: MSRT Changes, Tools, and Public Security Bulletin Webcast
Malicious Software Removal Tool (MSRT)
Win32/Lecpetex – a family of Trojans designed to collect your personal information and install other
malware. Can also install malware that uses your PC for bitcoin mining.
Additional Malware Removal Tools
Microsoft Safety Scanner
• Same basic engine as the MSRT, but with a full set of A/V signatures.
Windows Defender Offline
• An offline bootable A/V tool with a full set of signatures.
• Designed to remove rootkits and other advanced malware that can't always be detected by
antimalware programs.
• Requires you to download an ISO file and burn a CD, DVD, or USB flash drive.
Public Webcast
Information About Microsoft's Security Bulletins
Wednesday, August 13, 2014, 11:00 A.M. Pacific Time (US & Canada)
Register at: http://technet.microsoft.com/security/dn756352
Microsoft Security Blogs
Microsoft Security Response Center Blog: http://blogs.technet.com/msrc
Microsoft Security Research Defense Blog: http://blogs.technet.com/srd
Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc
Microsoft Security Development Lifecycle Blog: http://blogs.technet.com/sdl
Detection & Deployment (Manageability Tools) Reference, August 2014
Bulletin | Windows Update (1) | Microsoft Update (1) | MBSA (2) | WSUS | SMS ITMU | SCCM
MS14-043 | Yes | Yes | Yes | Yes | Yes | Yes
MS14-044 | No | Yes | Yes | Yes | Yes | Yes
MS14-045 | Yes | Yes | Yes | Yes | Yes | Yes
MS14-046 | Yes | Yes | Yes | Yes | Yes | Yes
MS14-047 | Yes | Yes | Yes | Yes | Yes | Yes
MS14-048 | No | Yes | Yes | Yes | Yes | Yes
MS14-049 | Yes | Yes | Yes | Yes | Yes | Yes
MS14-050 | No | Yes | Yes | Yes | Yes | Yes
MS14-051 | Yes | Yes | Yes | Yes | Yes | Yes
1. Windows RT devices can only be serviced with Windows Update, Microsoft Update, and the Windows Store.
2. Microsoft Baseline Security Analyzer (MBSA) v2.3 now supports Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2.
Known Issues: MS14-051 Internet Explorer
MS14-051 : KB2976627
1. If you have an explorer bar installed, Internet Explorer may crash after the update is installed. This issue occurs
when the explorer bar is a HTML explorer bar. The following Internet Explorer versions are affected by this issue:
• Internet Explorer 11 that is running on Windows 8.1
• Internet Explorer 10 that is running on Windows 8
• Internet Explorer 9 that is running on Windows 7
To work around this issue, uninstall this update, uninstall the HTML explorer bar and then reinstall this update.
2. After you install this security update, the Internet Explorer window may become very slow to update and respond
when you open consecutive modal dialogs. This issue affects Internet Explorer versions 6 through 11.
New Features
KB2991001 Improvements to WebGL renderer in Internet Explorer 11
KB2990946 Improvements to F12 developer tools for Internet Explorer 11
KB2988414 Update that helps you manage your Internet Explorer 11 search provider
KB2991000 Blocking out-of-date ActiveX controls in Internet Explorer (enforced 9/9)
Known Issues: MS14-045 KMD | MS14-050 SharePoint
MS14-045 : KB2982791
After you install this security update, fonts that are installed to a location other than the default fonts directory
(%windir%\fonts\) cannot be modified when they are loaded into any active session. Attempts to change, replace, or
delete these fonts will be blocked, and a "File in use" message will be presented.
For more information, visit the following Microsoft webpages:
Font Installation and Deletion
AddFontResource function
AddFontResourceEx function
RemoveFontResource function
RemoveFontResourceEx function
MS14-050 : KB2880994
Some Apps for SharePoint may not function correctly after applying this update.
• Developers have been proactively notified
• MSDN documentation will be updated
Public Links for the Security Bulletins in Portuguese (LATAM)
Bulletin Links in Portuguese
• Microsoft Security Bulletin Summary for Aug 2014
http://technet.microsoft.com/pt-br/security/bulletin/ms14-aug
• Security Bulletin Search
http://technet.microsoft.com/pt-br/security/bulletin
• Security Advisories
http://technet.microsoft.com/pt-br/security/advisory
• Microsoft Technical Security Notifications
http://technet.microsoft.com/pt-br/security/dd252948.aspx
Blogs
• Negócios de Risco
http://blogs.technet.com/b/risco/
• MSRC Blog
http://blogs.technet.com/msrc
• SRD Team Blog
http://blogs.technet.com/srd
• MMPC Team Blog
http://blogs.technet.com/mmpc
• MSRC Ecosystem Team Blog
http://blogs.technet.com/ecostrat
Supplemental Security Reference Articles
• Detailed Bulletin Information Spreadsheet
http://go.microsoft.com/fwlink/?LinkID=245778
• Security Tools for IT Pros
http://technet.microsoft.com/pt-br/security/cc297183
• KB894199 Description of Software Update Services and Windows Server Update Services changes in content
http://support.microsoft.com/kb/894199
• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious
software
http://support.microsoft.com/kb/890830
• Mybulletins
http://mybulletins.technet.microsoft.com/
Webcast in Portuguese, September
Webcast in Portuguese (External)
WEBCAST – CUSTOMERS
https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032575589
11 September 2014
15:30 Brasília time
To receive an invitation to the conference, write to [email protected]