Cyber Security Notifications: New Vulnerabilities of September 2014

New Microsoft vulnerabilities of September 10, 2014

Denial of service in the Microsoft Lync Server

Privilege escalation in the Microsoft Windows Task Manager

Denial of service in Microsoft .NET Framework

Multiple vulnerabilities in Microsoft Internet Explorer

#1. Denial of service in the Microsoft Lync Server

Danger: High

Fix available: Yes

Number of vulnerabilities: 1

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8

CVE ID: CVE-2014-4068

Attack vector: Remote

Impact: Denial of service

Affected Products: Microsoft Lync Server 2010, Microsoft Lync Server 2013

Affected versions: Microsoft Lync Server 2013 2010b

Vulnerability Description:

The vulnerability allows a remote user to cause a denial of service.

The vulnerability is caused by an unspecified error. This can be exploited to crash the Microsoft Lync Server.

Solution: Install the hotfix from the manufacturer. Manufacturer URL: www.microsoft.com

Links: https://technet.microsoft.com/library/security/MS14-055

#2. Local privilege escalation vulnerability in the Microsoft Windows Task Manager

Danger: Low

Fix available: Yes

Number of vulnerabilities: 1

CVSSv2 Rating: (AV: L / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 7.2 / Temporal: 5.3

CVE ID: CVE-2014-4074

Attack vector: Local

Impact: System Compromise

Affected Products: Microsoft Windows 8, 8.1, RT, RT 8.1, Server 2012

Affected versions: Microsoft Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows 2012, Windows 2012 R2

Vulnerability Description:

This vulnerability could allow a local user to elevate their privileges on the system.

The vulnerability exists because the Windows Task Manager does not properly validate privileges. A local user can use Task Manager to gain administrative access to the system.

Solution: Install the hotfix from the manufacturer. Manufacturer URL: www.microsoft.com

Links: https://technet.microsoft.com/library/security/MS14-054

#3. Denial of service in Microsoft .NET Framework

Danger: High

Fix available: Yes

Number of vulnerabilities: 1

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8

CVE ID: CVE-2014-4072

Attack vector: Remote

Impact: Denial of service

Affected Products: Microsoft Windows Server 2003 Standard Edition, Server 2003, Web Edition, Storage Server 2003, Server 2003, Enterprise Edition, Server 2003, Datacenter Edition, Windows Vista, Windows 7, 8, 8.1, Windows Server 2008, Server 2012, Windows RT, RT 8.1

Affected versions: Microsoft Windows 2003, Vista, Windows 7, 8, 8.1, 2008, 2008 R2, Windows RT, RT 8.1, Windows 2012, 2012 R2

Description:

The vulnerability allows a remote user to cause a denial of service.

The vulnerability is caused by an error when processing queries in Microsoft .NET Framework that leads to hash collisions. A remote user can cause the system to consume a huge amount of resources, resulting in a denial of service.

Solution: Install the hotfix from the manufacturer. Manufacturer URL: www.microsoft.com

Links: https://technet.microsoft.com/library/security/MS14-053

#4. Multiple vulnerabilities in Microsoft Internet Explorer

Danger: High

Fix available: Yes

Number of vulnerabilities: 37

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: P / I: N / A: N / E: H / RL: OF / RC: C) =

Attack vector: Remote

Impact: Disclosure of system data and system compromise

Affected Products: Microsoft Internet Explorer 6.x, 7.x, 8.x, 9.x, 10.x, 11.x

Affected versions: Microsoft Internet Explorer 6.x, 7.x, 8.x, 9.x, 10.x, 11.x

Description:

The discovered vulnerabilities allow a remote user to gain access to sensitive information and compromise a vulnerable system.

1. The vulnerability is due to an error in the XMLDOM ActiveX component. This can be exploited via a specially crafted website to get information about the software installed on the system and bypass antivirus detection of malicious code.

Note: exploitation of this vulnerability has been observed.

2. 36 memory corruption vulnerabilities were detected. These can be exploited via a specially crafted website to execute arbitrary code on the target system.

Solution: Install the hotfix from the manufacturer. Manufacturer URL: www.microsoft.com

Links: https://technet.microsoft.com/library/security/MS14-052