Gravité: : Élevé
  Date du conseil: 14 octobre 2014

  Description

Microsoft addresses the following vulnerabilities in its October batch of patches:

  • (MS14-056)Cumulative Security Update for Internet Explorer (2987107)
    Risk Rating: Critical

    This security update addresses several vulnerabilities found existing in Internet Explorer. When exploited successfully, it could allow remote code execution via specially crafted webpage, thus compromising the security of the affected systems.


  • (MS14-057) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
    Risk Rating: Critical

    This security update addresses several vulnerabilities in Microsoft .NET Framework. Accordingly, it could allow remote code execution thus compromising system security.


  • (MS14-058) Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
    Risk Rating: Critical

    This security update addresses vulnerabilities found in Microsoft Windows. When exploited by attackers, it could allow remote code execution.


  • (MS14-059) Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
    Risk Rating: Important

    This security update addresses a vulnerability found in ASP.NET MVC. When exploited successfully by attackers, it could allow security feature bypass.


  • (MS14-060) Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
    Risk Rating: Important

    This security update addresses a vulnerability found in Microsoft Windows. Once successfully exploited, it could allow remote code execution via a Microsoft Office file containing specially crafted OLE object.


  • (MS14-061) Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
    Risk Rating: Important

    This security update addresses a vulnerability found in Microsoft Office. When successfully exploited via a specially crafted Microsoft Word file, it could lead to remote code execution.


  • (MS14-062) Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
    Risk Rating: Important

    This security update addresses a vulnerability found in Microsoft Windows that when successfully exploited, it could allow elevation of privilege.


  • (MS14-063) Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
    Risk Rating: Important

    This security update addresses a vulnerability found existing in Microsoft Windows, which could lead to execution of arbitrary code with elevated privileges.

  •   Information Exposure Rating:

    Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

    MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
    MS14-056 CVE-2014-4126 1006267 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4126) 14-Oct-14 YES
    MS14-056 CVE-2014-4127 1006268 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4127) 14-Oct-14 YES
    MS14-056 CVE-2014-4128 1006269 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4128) 14-Oct-14 YES
    MS14-056 CVE-2014-4129 1006270 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4129) 14-Oct-14 YES
    MS14-056 CVE-2014-4130 1006271 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4130) 14-Oct-14 YES
    MS14-056 CVE-2014-4132 1006282 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4132) 14-Oct-14 YES
    MS14-056 CVE-2014-4133 1006274 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4133) 14-Oct-14 YES
    MS14-056 CVE-2014-4134 1006279 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4134) 14-Oct-14 YES
    MS14-056 CVE-2014-4138 1006273 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4138) 14-Oct-14 YES
    MS14-061 CVE-2014-4117 1006283 Microsoft Word And Office Web Apps Remote Code Execution Vulnerability (CVE-2014-4117) 14-Oct-14 YES
    MS14-059 CVE-2014-4075 1000552 Generic Cross Site Scripting(XSS) Prevention 05-JULY-06 NO
    MS14-060 CVE-2014-4114 1006290 Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114) 14-Oct-14 YES
    MS14-060 CVE-2014-4114 1006291 Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114)- 1 14-Oct-14 YES

      Solutions