Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Microsoft Patch Tuesday, June 2014

June's Microsoft Patch Tuesday contains seven bulletins, including two rated "Critical" and five rated "Important". One of the two "Critical" bulletins is for Internet Explorer and contains patches for a massive fifty-nine CVEs, almost all of which are marked with a critical severity. This includes a patch for the "CMarkup Use-After-Free RCE Vulnerability" in Internet Explorer 8 (CVE-2014-1770). TippingPoint Zero Day Initiative released this advisory on May 21 without a patch from Microsoft. It's very rare for a security vendor to release any advisory when no patch is available. TippingPoint publicly disclosed the advisory after Microsoft missed a 180-day deadline set by TippingPoint.

Approximately a quarter of Internet Explorer installations are still on version 8. This is likely due to the fact that it is the most current version available for the retired Windows XP platform. With a majority of IE 8 users still running Windows XP, this means that neither an IE upgrade nor a patch will be available to most users.


MS14-030 (KB2969259)
Vulnerability in Remote Desktop Could Allow Tampering

This vulnerability affects systems that use Microsoft's Remote Desktop service. An attacker sitting on the same network as either the client or the server could create specially crafted traffic to tamper with an existing RDP session. Since the patch enhances RDP session encryption by implementing DTLS, the weakness appears to be in the existing encryption schemes.

Affects Windows 7, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2


MS14-031 (KB2962478)
Vulnerabillity in TCP Protocol Could Allow Denial of Service

A vulnerability in Microsoft's implementation of the TCP/IP stack could allow an attacker to perform a Denial of Serivce attack.

Affects all supported editions of Microsoft Windows


MS14-032 (KB2969258)
Vulnerability in Microsoft Lync Could Allow Information Disclosure

This vulnerability in Microsoft Lync allows for information disclosure via a specially crafted URL. An attacker can create a URL with a valid Lync meeting ID that is improperly sanitized by the Lync Server. It could allow an attacker to execute JavaScript in the victim's browser resulting in a Cross Site Scripting attack.

Affects all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013


MS14-033 (KB2966061)
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure

An attacker can create a malicious website that forces Internet Explorer to invoke Microsoft XML. A vulnerability in XML Core Services could then be exploited that would allow the attacker to gather personal information about the logged on victim.

Affects all supported Microsoft Windows clients and Windows servers


MS14-034 (KB2969261)
Vulnerability in Microsoft Word Could Allow Remote Code Execution

This vulnerability in Word allows an attacker to create a malicious Word document that could result in remote code execution. The attacker would be able to execute, modify or delete files with the same permissions as the user.

Affects all supported editions of Microsoft Word 2007 and Microsoft Office Compatibility Pack


MS14-035 (KB2969262)
Cumulative Security Update for Internet Explorer
CVE-2014-0282, CVE-2014-1762, CVE-2014-1764, CVE-2014-1766, CVE-2014-1769, CVE-2014-1770, CVE-2014-1771, CVE-2014-1772, CVE-2014-1773, CVE-2014-1774, CVE-2014-1775, CVE-2014-1777, CVE-2014-1778, CVE-2014-1779, CVE-2014-1780, CVE-2014-1781, CVE-2014-1782, CVE-2014-1783, CVE-2014-1784, CVE-2014-1785, CVE-2014-1786, CVE-2014-1788, CVE-2014-1789, CVE-2014-1790, CVE-2014-1791, CVE-2014-1792, CVE-2014-1794, CVE-2014-1795, CVE-2014-1796, CVE-2014-1797, CVE-2014-1799, CVE-2014-1800, CVE-2014-1802, CVE-2014-1803, CVE-2014-1804, CVE-2014-1805, CVE-2014-2753, CVE-2014-2754, CVE-2014-2755, CVE-2014-2756, CVE-2014-2757, CVE-2014-2758, CVE-2014-2759, CVE-2014-2760, CVE-2014-2761, CVE-2014-2763, CVE-2014-2764, CVE-2014-2765, CVE-2014-2766,CVE-2014-2767, CVE-2014-2768, CVE-2014-2769, CVE-2014-2770, CVE-2014-2771, CVE-2014-2772, CVE-2014-2773

Did you catch all of those CVEs? This bulletin resolves 59 of them which is the largest bulletin so far this year. The majority of the updates address remote code execution vulnerabilities. One of them is the "CMarkup Use-After-Free RCE Vulnerability" mentioned earlier. Windows XP users will not be able to apply this patch or upgrade Internet Explorer to a non-vulnerable version. This should serve as a huge warning that they need to upgrade their operating system. For now, these users should stop using Internet Explorer as their web browser.

Affects Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11)


MS14-036 (KB2967487)
Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
CVE-2014-1817, CVE-2014-1818

This bulletin covers two vulnerabilities. The first is in the Unicode Script Processor also known as Uniscribe. The vulnerability is in the way that Windows applications use Uniscribe to process complex fonts like Hebrew and Arabic. The second vulnerability is in GDI+, which improperly validates and processes a malformed image file. Both of these vulnerabilities would allow an attacker to execute arbitrary code with the same user rights as the victim.

Affects all supported editions of Windows, Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2013, Microsoft Office 2003, Microsoft Office 2007, and Microsoft Office 2010

Latest SpiderLabs Blogs

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More