• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Vulnerabilities   »   November Patch Tuesday: Microsoft Rolls Out 14 Security Bulletins

November Patch Tuesday: Microsoft Rolls Out 14 Security Bulletins

  • Posted on:November 11, 2014 at 6:50 pm
  • Posted in:Vulnerabilities
  • Author:
    Bernadette Irinco (Technical Communications)
0

Patch-Tuesday_gray14 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Windows Object Linking and Embedding (OLE), and Microsoft .NET Framework among others. Out of these security bulletins, four are tagged as Critical and 8 are rated as Important.

One of the notable bulletins is MS14-065, which fixes several vulnerabilities in Internet Explorer. All supported versions of the browser are affected by these vulnerabilities, which could lead to remote code execution.

Another crucial bulletin is MS14-064 that resolves vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE), including those covered in CVE-2014-6352, related to Sandworm attacks. This CVE was released because a new exploit reportedly bypassed the security update for CVE-2014-4114. Last October, Microsoft patched vulnerabilities in CVE-2014-4114, however, after a week new attacks leveraging these vulnerabilities were seen in the wild.

Server administrators should be especially concerned about MS14-066 as well. This vulnerability in Microsoft Schannel (the implementation of SSL/TLS in Windows) has a significant vulnerability that allows for attackers to run code on an effected system if specially crafted packets are sent to it. This attack can be compared to Shellshock, which could be exploited using a similar method.

Aside from Microsoft, Adobe also released a security update for Adobe Flash Player that could lead to an attacker taking control on the affected systems. As such, users are advised to update to the latest version of Adobe Flash Player.

Users are recommended to apply these patches immediately for these vulnerabilities. Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities following DPI rules:

  • 1006324 – Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332)
  • 1006290 – Microsoft Windows OLE Remote Code Execution Vulnerability
  • 1006291 – Microsoft Windows OLE Remote Code Execution Vulnerability -1
  • 1006292 – Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
  • 1006294 – Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV
  • 1006315 – Microsoft Windows OLE Remote Code Execution Vulnerability -2
  • 1006321 – Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4143)
  • 1006330 – Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323)
  • 1006332 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337)
  • 1006329 – Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339)
  • 1006333 – Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (CVE-2014-6340)
  • 1006334 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341)
  • 1006331 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342)
  • 1006340 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6343)
  • 1006341 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6344)
  • 1006338 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347)
  • 1006335 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348)
  • 1006336 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351)
  • 1006337 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353)
  • 1006327 – Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321)
  • 1006339 – Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2014-4118)
  • 1006323 – Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
  • 1006322 – Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334)
  • 1006320 – Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335)
  • 1000552 – Generic Cross Site Scripting(XSS) Prevention
  • 1001126 – DNS Domain Blocker

For more information on the bulletins and its corresponding Trend Micro solutions, visit the Threat Encyclopedia Page.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: Internet ExplorerMicrosoftNovemberPatch TuesdaySchannel

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.