Microsoft Patch Tuesday, August 2014

August's Microsoft Patch Tuesday is upon us and Microsoft is issuing nine security bulletins, two rated Critical, and seven rated Important. These address 37 unique CVEs the majority of which appear in Internet Explorer. This marks another month of Critical updates for Microsoft's web browser. Other major vulnerabilities patched in this release include an XSS vulnerability in MS SQL Server, a critical remote code execution vulnerability in Windows Media Center and several privilege elevation vulnerabilities in SharePoint, Windows Installer and in a Windows Kernel-Mode Driver.

MS14-043 (KB2978742)
Critical
CVE-2014-4060
Vulnerability in Windows Media Center Could Allow Remote Code Execution

This bulletin resolves a Critical vulnerability in Windows Media Center. A specific DLL, MCPlayer.dll, fails to clean up memory resources and leaves itself vulnerable to a Use After Free remote code execution attack. An attacker could create a malicious Microsoft Office file that invokes Windows Media Player and exploits this vulnerability. Exploitation could execute any code using the same user rights as the logged in user.

This security update is rated Critical for all supported editions of Windows Media Center TV Pack for Windows Vista, all supported editions of Windows 7 except Starter and Home Basic editions, Windows Media Center when installed on Windows 8 Professional edition, and Windows Media Center when installed on Windows 8.1 Professional edition.

MS14-044 (KB2984340)
Important
CVE-2014-1820, CVE-2014-4061
Vulnerabilities in SQL Server Could Allow Elevation of Privilege

The bulletin patches two vulnerabilities in Microsoft SQL Server. One in how the database handles T-SQL queries and the other in SQL Master Data Services. The vulnerability in SQL Master Data Services would allow an attacker to inject a malicious client side script to be executed in a victim's browser in a typical XSS attack. The second vulnerability could allow an attacker to cause a denial of service condition for the database by sending specially crafted T-SQL queries. The denial of service condition would force a manual reboot of the service in order to restore the database to operation.

This security update is rated Important for supported editions of Microsoft SQL Server 2008 Service Pack 3, Microsoft SQL Server 2008 R2 Service Pack 2, and Microsoft SQL Server 2012 Service Pack 1; it is also rated Important for Microsoft SQL Server 2014 for x64-based Systems.

MS14-045 (KB2984615)
Important
CVE-2014-0318, CVE-2014-1819, CVE-2014-4064
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege

This bulletin patches three separate vulnerabilities in the kernel mode driver, Win32k.sys. The driver is a part of the Windows subsystem that handles windows displays, screen output and user input from keyboards, mice and other devices. Two of the three vulnerabilities could allow privilege elevation. An attacker that was already logged in to the operating system could exploit these two vulnerabilities to execute arbitrary code with elevated privilege. The third vulnerability could disclose important information about your system.

This security update is rated Important for all supported releases of Microsoft Windows.

MS14-046 (KB2984625)
Important
CVE-2014-4062
Vulnerability in .NET Framework Could Allow Security Feature Bypass

This bulletin fixes a security bypass vulnerability through the .NET framework. An attacker could use this vulnerability in a web-browsing attack scenario to bypass the Address Space Layout Randomization (ASLR) memory protection feature in Windows OSes. While this vulnerability would not allow code execution, it could be combined with another vulnerability to make it easier to embed and execute malicious code in memory.

This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, and Microsoft .NET Framework 3.5.1 on affected releases of Microsoft Windows.

MS14-047 (KB2978668)
Important
CVE-2014-0316
Vulnerability in LRPC Could Allow Security Feature Bypass

Like the vulnerability in .NET, this vulnerability also allows for the bypassing of ASLR protections. The vulnerability exists when a LRPC client triggers an error on th the server with a specific message type. The server triggers an error but does not properly lean up the original message. This would allow a client to fill up server memory with such messages and bypass ALSR. Like with the .NET vulnerability, this vulnerability would not allow code execution, but it could be combined with another vulnerability to make it easier to embed and execute malicious code in memory.

This security update is rated Important for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1.

MS14-048 (KB2977201)
Important
CVE-2014-2815
Vulnerability in OneNote Could Allow Remote Code Execution

The vulnerability could allow remote code execution if a malicious file is opened in OneNote. Exploitation could execute any code using the same user rights as the logged in user.

This security update is rated Important for all supported editions of Microsoft OneNote 2007.

MS14-049 (KB2962490)
Important
CVE-2014-1814
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege

This bulletin patches a vulnerability in the Windows Installer service that could allow an attacker to run arbitrary code in kernel mode. It allows an attacker to run a malicious application to patch a previously installed application. As the patch executes it allows the attacker to run any arbitrary code in kernel mode.

This security update is rated Important for all supported releases of Microsoft Windows.

MS14-050 (KB2977202)
Important
CVE-2014-2816
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege

This update resolves a vulnerability in Microsoft SharePoint Server that could allow an attacker to run arbitrary JavaScript code with the same user privileges as the currently logged in user. The vulnerability is caused due to the mismanagement of an extensibility model that allows Sharepoint to execute JavaScript on behalf of the current user.

This security update is rated Important for supported editions of Microsoft SharePoint Server 2013 and Microsoft SharePoint Foundation 2013.

MS14-051 (KB2976627)
Critical
CVE-2014-2774, CVE-2014-2784, CVE-2014-2796, CVE-2014-2808, CVE-2014-2810, CVE-2014-2811, CVE-2014-2817, CVE-2014-2818, CVE-2014-2819, CVE-2014-2820, CVE-2014-2821, CVE-2014-2822, CVE-2014-2823, CVE-2014-2824, CVE-2014-2825, CVE-2014-2826, CVE-2014-2827, CVE-2014-4050, CVE-2014-4051, CVE-2014-4052, CVE-2014-4055, CVE-2014-4056, CVE-2014-4057, CVE-2014-4058, CVE-2014-4063, CVE-2014-4067
Cumulative Security Update for Internet Explorer

This update patches twenty-six Critical vulnerabilities in Microsoft Internet Explorer. The majority of the vulnerabilities are memory corruption issues and the most severe of these allow for arbitrary remote code execution. An attacker could exploit these vulnerabilities by convincing a user to view a maliciously crafted web page.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.