November 1, 2014

Microsoft fixes critical flaws in Windows, IE and Office

(LiveHacking.Com) – Microsoft has released its security patches for September to address 47 different vulnerabilities in Microsoft Windows, Office, Internet Explorer and SharePoint. In total the company released 13 bulletins: four Critical and nine Important.

The first Critical bulletin fixes vulnerabilities in Microsoft SharePoint Server that could allow remote code execution if an attacker sends specially crafted content to the affected server. The vulnerability is present in Microsoft SharePoint Server 2007 and 2010, Microsoft SharePoint Services 2.0 and 3.0, and Microsoft SharePoint Foundation 2010. Also affected are Microsoft Office Services and Web Apps on supported editions of Microsoft SharePoint Server 2010. Although not rated as Critical, the vulnerability is also present in Microsoft SharePoint Server 2013, Microsoft SharePoint Foundation 2013, and Excel Services on Microsoft SharePoint Server 2007.

Microsoft Outlook got updated in the second bulletin to fix a vulnerability that could allow remote code execution if a user opens or previews a specially crafted email message. The update, which is available for all supported editions of Microsoft Outlook 2007 and Microsoft Outlook 2010, corrects the way that Microsoft Outlook parses specially crafted S/MIME email messages.

Internet Explorer also got updated to resolve ten privately reported vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage. Affected versions are Internet Explorer 6, 7, 8, 9, and Internet Explorer 10. The vulnerabilities are related to memory corruption, as the fixes listed by Microsoft change the way that Internet Explorer handles objects in memory.

The final Critical update is for Windows itself and resolves a vulnerability that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. Only Windows XP and Windows Server 2003 are affected. The update fixes the way that OLE objects are handled in memory.

The remaining bulletins are all listed as Important:

  • MS13-071 – Vulnerability in Windows Theme File Could Allow Remote Code Execution
  • MS13-072 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  • MS13-073 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  • MS13-074 – Vulnerabilities in Microsoft Access Could Allow Remote Code Execution
  • MS13-075 – Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege
  • MS13-076 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege
  • MS13-077 – Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege
  • MS13-078 – Vulnerability in FrontPage Could Allow Information Disclosure
  • MS13-079 – Vulnerability in Active Directory Could Allow Denial of Service