Feed aggregator

TA14-295A: Crypto Ransomware

US-CERT Security Alerts - Wed, 10/22/2014 - 13:28
Original release date: October 22, 2014 | Last revised: October 24, 2014
Systems Affected

Microsoft Windows

Overview

Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it. This Alert is the result of Canadian Cyber Incident Response Centre (CCIRC) analysis in coordination with the United States Department of Homeland Security (DHS) to provide further information about crypto ransomware, specifically to:

  • Present its main characteristics, explain the prevalence of ransomware, and the proliferation of crypto ransomware variants; and
  • Provide prevention and mitigation information.
Description WHAT IS RANSOMWARE?

Ransomware is a type of malware that infects a computer and restricts a user’s access to the infected computer. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that their computer has been locked or that all of their files have been encrypted, and demand that a ransom is paid to restore access. This ransom is typically in the range of $100–$300 dollars, and is sometimes demanded in virtual currency, such as Bitcoin.

Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.

WHY IS IT SO EFFECTIVE?

The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware, including messages similar to those below:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”
PROLIFERATION OF VARIANTS

In 2012, Symantec, using data from a command and control (C2) server of 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom. With an average ransom of $200, this meant malicious actors profited $33,600 per day, or $394,400 per month, from a single C2 server. These rough estimates demonstrate how profitable ransomware can be for malicious actors.

This financial success has likely led to a proliferation of ransomware variants. In 2013, more destructive and lucrative ransomware variants were introduced including Xorist, CryptorBit, and CryptoLocker. Some variants encrypt not just the files on the infected device but also the contents of shared or networked drives. These variants are considered destructive because they encrypt user’s and organization’s files, and render them useless until criminals receive a ransom.

Additional variants observed in 2014 included CryptoDefense and Cryptowall, which are also considered destructive. Reports indicate that CryptoDefense and Cryptowall share the same code, and that only the name of malware itself is different. Similar to CryptoLocker, these variants also encrypt files on the local computer, shared network files, and removable media.

LINKS TO OTHER TYPES OF MALWARE

Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. This malicious attachment contains Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.

The close ties between ransomware and other types of malware were demonstrated through the recent botnet disruption operation against GameOver Zeus, which also proved effective against CryptoLocker. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.

Impact

Ransomware doesn’t only target home users; businesses can also become infected with ransomware, which can have negative consequences, including:

  • Temporary or permanent loss of sensitive or proprietary information;
  • Disruption to regular operations;
  • Financial losses incurred to restore systems and files; and
  • Potential harm to an organization’s reputation.

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.

Solution

Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.

US-CERT and CCIRC recommend users and administrators take the following preventive measures to protect their computer networks from ransomware infection:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain up-to-date anti-virus software.
  • Keep your operating system and software up-to-date with the latest patches.
  • Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  • Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  • Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.

Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center or contact the CCIRC .

References Revision History
  • October 22, 2014: Initial Release
  • October 24, 2014: Minor edit to the reference section

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Alerts

TA14-290A: SSL 3.0 Protocol Vulnerability and POODLE Attack

US-CERT Security Alerts - Fri, 10/17/2014 - 08:27
Original release date: October 17, 2014 | Last revised: October 20, 2014
Systems Affected

All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.

Overview

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.

Description

The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.

While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.

Impact

The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.).

Solution

There is currently no fix for the vulnerability SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.

Some of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions; TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from being able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their latest versions and recommend the following upgrades: [2]

  • OpenSSL 1.0.1 users should upgrade to 1.0.1j.
  • OpenSSL 1.0.0 users should upgrade to 1.0.0o.
  • OpenSSL 0.9.8 users should upgrade to 0.9.8zc.

Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.

Other SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database (NVD) entry for CVE-2014-3566 [3] or in CERT Vulnerability Note VU#577193. [4]

References Revision History
  • October 17, 2014 Initial Release
  • October 20, 2014 Added CERT Vulnerability Note VU#577193 to the Solution section

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Alerts

MS14-060 - Important: Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) - Version: 1.1

Microsoft Security Notifications - Wed, 10/15/2014 - 23:00
Severity Rating: Important
Revision Note: V1.1 (October 16, 2014): Corrected Updates Replaced entries in the Affected Software table for Windows 7 and Windows 2008 R2. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-057 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application, causing ASP.NET to generate incorrectly constructed URIs. In .NET 4.0 applications, the vulnerable functionality (iriParsing) is disabled by default; for the vulnerability to be exploitable an application has to explicitly enable this functionality. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.
Categories: Security Alerts

MS14-058 - Critical: Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary:
Categories: Security Alerts

MS14-062 - Important: Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted input/output control (IOCTL) request to the Message Queuing service. Successful exploitation of this vulnerability could lead to full access of the affected system. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually enable the Message Queuing component are likely to be vulnerable to this issue.
Categories: Security Alerts

MS14-059 - Important: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to visit a webpage that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website, or by getting them to open an attachment sent through email.
Categories: Security Alerts

MS14-056 - Critical: Cumulative Security Update for Internet Explorer (2987107) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-063 - Important: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
Categories: Security Alerts

MS14-061 - Important: Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) - Version: 1.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (October 14, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-042 - Moderate: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) - Version: 2.0

Microsoft Security Notifications - Mon, 10/13/2014 - 23:00
Severity Rating: Moderate
Revision Note: V2.0 (October 14, 2014): Bulletin rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this bulletin was originally released.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system. Microsoft Service Bus for Windows Server is not shipped with any Microsoft operating system. For an affected system to be vulnerable Microsoft Service Bus must first be downloaded, installed, and configured, and then its configuration details (farm certificate) shared with other users.
Categories: Security Alerts

MS14-051 - Critical: Cumulative Security Update for Internet Explorer (2976627) - Version: 1.1

Microsoft Security Notifications - Tue, 10/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (October 8, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4145 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one publicly disclosed and twenty-five privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-030 - Important: Vulnerability in Remote Desktop Could Allow Tampering (2969259) - Version: 1.3

Microsoft Security Notifications - Wed, 10/01/2014 - 23:00
Severity Rating: Important
Revision Note: V1.3 (October 2, 2014): Bulletin revised to clarify the conditions under which Windows 7 editions are affected. See the Update FAQ for more information.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active RDP session, and then sends specially crafted RDP packets to the targeted system.
Categories: Security Alerts

TA14-268A: GNU Bourne-Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE 2014-6278)

US-CERT Security Alerts - Thu, 09/25/2014 - 08:56
Original release date: September 25, 2014 | Last revised: September 30, 2014
Systems Affected
  • GNU Bash through 4.3.
  • Linux and Mac OS X systems, on which Bash is part of the base operating system.
  • Any BSD or UNIX system on which GNU Bash has been installed as an add-on.
  • Any UNIX-like operating system on which the /bin/sh interface is implemented as GNU Bash.
Overview

A critical vulnerability has been reported in the GNU Bourne-Again Shell (Bash), the common command-line shell used in many Linux/UNIX operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system [1]. The United States Department of Homeland Security (DHS) is releasing this Technical Alert to provide further information about the GNU Bash vulnerability.

Description

GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation. [2, 3]

Critical instances where the vulnerability may be exposed include: [4, 5]

  • Apache HTTP Server using mod_cgi or mod_cgid scripts either written in bash, or spawn GNU Bash subshells, or on any system where the /bin/sh interface is implemented using GNU Bash.
  • Override or Bypass ForceCommand feature in OpenSSH sshd and limited protection for some Git and Subversion deployments used to restrict shells and allows arbitrary command execution capabilities. This data path is vulnerable on systems where the /bin/sh interface is implemented using GNU Bash.
  • Allow arbitrary commands to run on a DHCP client machine.
Impact

This vulnerability is classified by industry standards as “High” impact with CVSS Impact Subscore 10 and “Low” on complexity, which means it takes little skill to perform. This flaw allows attackers who can provide specially crafted environment variables containing arbitrary commands to execute on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and its ability to be called by an application in numerous ways.

Solution

Initial solutions for Shellshock do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278. Red Hat has provided a support article [6] with updated information.

Many UNIX-like operating systems, including Linux distributions and Apple Mac OS X include Bash and are likely to be affected. Contact your vendor for updated information. A list of vendors can be found in CERT Vulnerability Note VU#252743 [7].

US-CERT recommends system administrators review the vendor patches and the NIST Vulnerability Summaries for CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278 to mitigate damage caused by the exploit.

References Revision History
  • September 25, 2014 - Initial Release
  • September 26, 2014 - Minor Revisions
  • September 30, 2014 - Update to include additional CVE information

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Alerts

MS14-049 - Important: Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490) - Version: 1.2

Microsoft Security Notifications - Tue, 09/23/2014 - 23:00
Severity Rating: Important
Revision Note: V1.2 (September 24, 2014): Bulletin revised to change Known issues entry in the Knowledge Base Article section from None to Yes.
Summary: This security update resolves a privately disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that attempts to repair a previously-installed application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Categories: Security Alerts

MS14-009 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Version: 1.3

Microsoft Security Notifications - Tue, 09/23/2014 - 23:00
Severity Rating: Important
Revision Note: V1.3 (September 24, 2014): Bulletin revised to correct a missing Server Core installation entry in the Affected Software table for Microsoft .NET Framework 4 when installed on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (2898855). This is an informational change only. Customers running this affected software on Server Core installations who have already applied the 2898855 update do not need to take any action. Customers running this affected software on Server Core installations who have not already installed the update should do so to be protected from the vulnerabilities addressed in this bulletin.
Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website.
Categories: Security Alerts

MS14-055 - Important: Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) - Version: 3.0

Microsoft Security Notifications - Mon, 09/22/2014 - 23:00
Severity Rating: Important
Revision Note: V3.0 (September 23, 2014): Bulletin rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. See the Update FAQ for details.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow information disclosure if user clicks on a specially crafted URL. In all cases, however, an attacker would have to convince users to click on the specially crafted URL, typically by getting them to click the URL in an email message or in an Instant Messenger request.
Categories: Security Alerts

MS14-046 - Important: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) - Version: 1.2

Microsoft Security Notifications - Thu, 09/18/2014 - 23:00
Severity Rating: Important
Revision Note: V1.2 (September 19, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow security feature bypass if a user visits a specially crafted website. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
Categories: Security Alerts

MS14-012 - Critical: Cumulative Security Update for Internet Explorer (2925418) - Version: 1.1

Microsoft Security Notifications - Wed, 09/17/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (September 18, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4112 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-053 - Important: Vulnerability in .NET Framework Could Allow Denial of Service (2990931) - Version: 1.1

Microsoft Security Notifications - Tue, 09/16/2014 - 23:00
Severity Rating: Important
Revision Note: V1.1 (September 17, 2014): V1.1 (September 17, 2014): Bulletin revised to clarify language in the Executive Summary, Mitigating Factors, and Vulnerability FAQ sections that describes the attack vector for CVE-2014-4072. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow denial of service if an attacker sends a small number of specially crafted requests to an affected .NET-enabled website. By default, ASP.NET is not installed when Microsoft .NET Framework is installed on any supported edition of Microsoft Windows. To be affected by the vulnerability, customers must manually install and enable ASP.NET by registering it with IIS.
Categories: Security Alerts
Syndicate content