
Microsoft Patch Tuesday, March 2014

March's Patch Tuesday includes five bulletins: two rated "Critical" and three rated "Important". The first of the two "Critical" bulletins is MS14-012. This patch fixes many memory corruption vulnerabilities, including a zero-day vulnerability in Internet Explorer that is being exploited in the wild.

Three other patches affect the Windows operating systems and probably represent the last patches we will see for the Windows XP platforms. Official support for Windows XP as well as Office 2003 is ending on April 8th and we recommend that users upgrade immediately. An update for Silverlight also marks the rare occasion where Patch Tuesday affects the Mac OS X platform.


MS14-012 (KB2925418)
Vulnerabilities in Internet Explorer
CVE-2014-0298, CVE-2014-0299, CVE-2014-0302, CVE-2014-0303, CVE-2014-0304, CVE-2014-0305, CVE-2014-0306, CVE-2014-0307, CVE-2014-0308, CVE-2014-0309, CVE-2014-0311, CVE-2014-0312, CVE-2014-0313, CVE-2014-0314, CVE-2014-0321, CVE-2014-0322, CVE-2014-0324

This bulletin covers 18 critical CVEs in Internet Explorer. All of them are memory corruption vulnerabilities. Researchers discovered one of them, CVE-2014-0322, as part of an in-the-wild exploit targeting Internet Explorer 10. Trustwave SpiderLabs' Rami Kogan wrote a technical breakdown of the vulnerability and how it is being exploited. You can read his technical breakdown here:

CVE-2014-0324 has been exploited in the wild, targeting installations of Internet Explorer 8.

This security update affects all versions of Internet Explorer 6 through 11.


MS14-013 (KB2929961)
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution

This vulnerability in Microsoft DirectShow could allow a specially crafted JPEG image to remotely execute arbitrary code. An attacker could host a malicious image on a website or embed it in a document. The code executes as DirectShow parses the image and runs with the same rights as the current user.

This security update affects Windows XP, Vista, 7, 8, 8.1 and RT, as well as Windows Server 2003, 2008 and 2012.


MS14-014 (KB2932677)
Vulnerability in Silverlight Could Allow Security Feature Bypass

Silverlight is Microsoft's answer to Adobe's Flash technology in that it provides rich applications and content streaming over the Internet. The vulnerability allows an attacker to bypass the memory protections Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). While the vulnerability alone doesn't allow for remote code execution, it could be combined with a separate remote code execution vulnerability to raise the success rate of an exploit. Since Silverlight is a cross-platform product, both Mac and Windows platforms will need to apply this patch. Users can verify which version they have installed by visiting:

This security update affects all versions of Silverlight prior to version 5.1.30214.0 on Mac and all supported releases of Microsoft Windows.


MS14-015 (KB2930275)
Vulnerabilities in Windows Kernel Mode Driver Could Allow Elevation of Privilege
CVE-2014-0300, CVE-2014-0323

This bulletin covers two CVEs that affect the Windows Kernel Mode Driver, Win32k.sys. CVE-2014-0300 is a privilege elevation vulnerability. If an attacker has a valid logged-in session, they can execute a malicious application that will give them full administrative rights to the system. CVE-2014-0323 can allow improper disclosure of objects in memory.

This security update affects Windows XP, Vista, 7, 8, 8.1 and RT, as well as Windows Server 2003, 2008 and 2012.


MS14-016 (KB2934418)
Vulnerability in Microsoft Remote Protocol Could Allow Security Feature Bypass

This vulnerability exists in the Security Account Manager Remote (SAMR) protocol and allows an attacker to cause Windows to incorrectly validate user lockout states.

An attacker would exploit this vulnerability in conjunction with a brute-force attack. By preventing a correct check on an account's lockout state, the attacker could try as many passwords as they like in order to breach a user's credentials.

This security update affects Windows XP and Vista, as well as Windows Server 2003, 2008 and 2012.
