Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Microsoft Patch Tuesday, December 2014

December's Microsoft Patch Tuesday is upon us and, hopefully, marks the last batch of bulletins for 2014. Although not as big as November's release, it still clocks in with three Critical and four Important bulletins. Internet Explorer is back with fourteen vulnerabilities, the majority of which are critical memory corruption vulnerabilities. That means there were critical vulnerabilities patched in Internet Explorer every month this year except for January. In all, over 200 vulnerabilities were patched in Internet Explorer in 2014, and the majority were rated critical. The other two critical vulnerabilities affect Microsoft Word and the VBScript scripting engine.

This release also patches MS14-075, which was slated for November but listed as "Release date to be determined" until today. The bulletin patches four vulnerabilities in Microsoft Exchange that can result in privilege escalation.

MS14-075
Important
CVE-2014-6319, CVE-2014-6325, CVE-2014-6326, CVE-2014-6336
Vulnerabilities in Microsoft Exchange Server Could Allow Elevation of Privilege

This security update resolves four privately reported vulnerabilities in Microsoft Exchange Server. The most severe of these vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes them to a targeted Outlook Web Access site. The vulnerability allows the attacker to gather enough OWA token information to spoof a valid user's token and send spoofed email as that user. Two other vulnerabilities patch a XSS hole in OWA and the fourth vulnerability patched would allow an attacker to redirect their victim to an arbitrary domain.

This security update is rated Important for all supported editions of Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and Microsoft Exchange Server 2013.


MS14-080
Critical
CVE-2014-6327, CVE-2014-6328, CVE-2014-6329, CVE-2014-6330, CVE-2014-6363, CVE-2014-6365, CVE-2014-6366, CVE-2014-6368, CVE-2014-6369, CVE-2014-6373, CVE-2014-6374, CVE-2014-6375, CVE-2014-6376, CVE-2014-8966
Cumulative Security Update for Internet Explorer

This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

This security update affects Internet Explorer 6 (IE 6) through Internet Explorer 11 (IE 11) on affected Windows clients and servers.


MS14-081
Critical
CVE-2014-6356, CVE-2014-6357
Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution

This security update resolves two privately reported vulnerabilities in Microsoft Word and Microsoft Office Web Apps. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Both vulnerabilities are due to how Microsoft Word handles objects in memory.

This security update is rated Critical for all supported editions of Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010, Microsoft Word 2013, Microsoft Word 2013 RT, Microsoft Office for Mac 2011, Microsoft Word Viewer, Microsoft Office Compatibility Pack, and for affected Microsoft Office services and Web Apps on supported editions of Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013, and Microsoft Office Web Apps Server 2013.


MS14-082
Important
CVE-2014-6364
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution

This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected edition of Microsoft Office. This vulnerability is similar to the MS Word memory vulnerabilities in MS14-081, but affects all Office documents.

This security update is rated Important for all supported editions of Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2013 RT.


MS14-083
Important
CVE-2014-6360, CVE-2014-6361
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

This security update resolves two privately reported vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Excel file in an affected version of Microsoft Office software. Like MS14-080 and MS14-082 this vulnerability is due to memory mismanagement.

This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Excel 2013, Microsoft Excel 2013 RT, Microsoft Office Excel Viewer, and Microsoft Office Compatibility Pack.


MS14-084
Critical
CVE-2014-6363
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution

This security update resolves a privately reported vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website with Internet Explorer. It could also be exploited via a specially crafted Office document designed to invoke the IE rendering engine. The security update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory.

This security update is rated Critical for affected versions of the VBScript scripting engine on affected Windows clients and Moderate for affected versions of the VBScript scripting engine on affected Windows servers.


MS14-085
Important
CVE-2014-6355
Vulnerability in Microsoft Graphics Component Could Allow Information Disclosure

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user browses to a website containing specially crafted JPEG content. An attacker could use this information disclosure vulnerability to gain information about the system that could then be combined with other attacks to compromise the system. The information disclosure vulnerability by itself does not allow arbitrary code execution. However, an attacker could use this information disclosure vulnerability in conjunction with another vulnerability to bypass security features such as Address Space Layout Randomization (ASLR).

This security update is rated Important for all supported releases of Microsoft Windows.

Latest SpiderLabs Blogs

Search & Spoof: Abuse of Windows Search to Redirect to Malware

Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a...

Read More

The Sentinel’s Watch: Building a Security Reporting Framework

Imagine being on shift as the guard of a fortress. Your job is to identify threats as they approach the perimeter. The more methods you have for detecting those threats, the better your chances of...

Read More

Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor

During a recent client investigation, Trustwave SpiderLabs found a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module. Our client had been searching for...

Read More