September 2014 - Microsoft Releases 4 Security Advisories

Publish date: November 18, 2014

Severity: HIGH

Advisory Date: SEP 09, 2014

DESCRIPTION

Microsoft addresses the following vulnerabilities in its September batch of patches:

(MS14-052) Cumulative Security Update for Internet Explorer (2977629)
Risk Rating: Critical

This security update addresses several vulnerabilities found existing in Internet Explorer. When exploited successfully, it could allow remote code execution thus compromising the security of the affected systems.

(MS14-053) Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
Risk Rating: Important

This security update addresses a vulnerability found in Microsoft .NET Framework. Once exploited successfully, it can allow denial of service.

(MS14-054)Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
Risk Rating: Important

This security update addresses a vulnerability found in Microsoft Windows, which could allow elevation of privilege once exploited successfully by attackers via a specially crafted application.

(MS14-055) Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
Risk Rating: Important

This security update addresses vulnerabilities in Microsoft Lync Server, that could allow denial of service via a specially crafted request to a Lync server thus compromising its security.

TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID	Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	Vulnerability Protection and IDF Compatibility
MS14-052	CVE-2014-2799	1006164	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2799)	9-Sep-14	YES
MS14-052	CVE-2014-4065	1006219	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4065)	9-Sep-14	YES
MS14-052	CVE-2014-4080	1006224	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4080)	9-Sep-14	YES
MS14-052	CVE-2014-4081	1006227	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4081)	9-Sep-14	YES
MS14-052	CVE-2014-4082	1006230	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4082)	9-Sep-14	YES
MS14-052	CVE-2014-4084	1006221	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4084)	9-Sep-14	YES
MS14-052	CVE-2014-4086	1006229	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4086)	9-Sep-14	YES
MS14-052	CVE-2014-4087	1006222	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4087)	9-Sep-14	YES
MS14-052	CVE-2014-4088	1006225	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4088)	9-Sep-14	YES
MS14-052	CVE-2014-4089	1006220	Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4089)	9-Sep-14	YES
MS14-052	CVE-2014-4092	1006223	Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4092)	9-Sep-14	YES
MS14-052	CVE-2014-4094	1006226	Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4094)	9-Sep-14	YES
MS14-052	CVE-2014-4095	1006228	Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4095)	9-Sep-14	YES

SOLUTION

PATCH: https://technet.microsoft.com/library/security/ms14-sep

Related Blog Entries

September 2014 Patch Tuesday Includes Fixes for Critical IE Vulnerabilities

Related Vulnerability

Related Web Attack

Gateways to Infection: Exploiting Software Vulnerabilities

Featured Stories

$Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities$
Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities
In this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.
Read more
$Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services$
Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
Read more
$Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities$
Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
Read more
$The Mirage of AI Programming: Hallucinations and Code Integrity$
The Mirage of AI Programming: Hallucinations and Code Integrity
The adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.
Read more