Tag Archives: Microsoft Security Bulletins

Internet Explorer New Zero Day Critical Vulnerability

A new critical zero-day vulnerability in Internet Explorer (CVE-2014-1776) allows remote code execution. Microsoft released Security Advisory 2963983 and confirmed:

“Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”


Microsoft Releases April 2014 Security Bulletins

Below you’ll find all the latest information on these updates.

1. Bulletin ID: MS14-017
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps

Bulletin Executive Summary:

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

2. Bulletin ID: MS14-018
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows, Internet Explorer

Bulletin Executive Summary:

Cumulative Security Update for Internet Explorer (2950467) 

This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

3. Bulletin ID: MS14-019
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows

Bulletin Executive Summary:

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker’s specially crafted files and subsequently convince them to run them.

4. Bulletin ID: MS14-020
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office

Bulletin Executive Summary:

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
