Operating System:

[Win]

Published:

13 February 2014

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0192
                               Boot Camp 5.1
                             13 February 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Boot Camp
Publisher:        Apple
Operating System: Windows 7
                  Windows 8
Impact/Access:    Denial of Service -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2014-1253  

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-02-11-1 Boot Camp 5.1

Boot Camp 5.1 is now available and addresses the following:

Boot Camp
Available for:  Macs running Boot Camp 5
Impact:  Loading a malformed executable file may cause memory
corruption in the kernel
Description:  A bounds checking issue existed in the AppleMNT.sys
driver's parsing of Portable Executable files. If a Portable
Executable file with a malformed header is loaded, this could cause a
Boot Camp driver to corrupt kernel memory. The issue was addressed
through improved bounds checking.
CVE-ID
CVE-2014-1253 : MJ0011 of 360 Security Center


Boot Camp 5.1 may be obtained via Apple Software Update or from:
http://support.apple.com/downloads/

Depending on your Mac model, the downloading file name is one of
the following two:

The download file name: BootCamp5.1.5621.zip
Its SHA-1 digest: 72c71be259474836c17ddd400aca2218660b8aac

The download file name: BootCamp5.1.5640.zip
Its SHA-1 digest: 2998a7881509a87b22abc6764379c0a33b6ced3a

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJS+rIpAAoJEPefwLHPlZEwM0gQAJ5Ffh3VoQKk/psQJN6ABJar
SbijQfk9eILkiO/XDMwrLKmj0183VS1N+xGzLaZqC0wDjwwwUHOJHUGK02+rRPCf
pI2NkZeaRJtGeSfC1LjDHbBhToJLY3JbGU8+NiZrWiFwcJMhyHvgcjWQwOvN2X9R
jNiHvo5kTBXboaCwBU9NRvWXDmWbCeWPCsAr0WYOsyCMT4fms/2NtygjiregAGBO
BL1kDf2BiF+1lcfGD/cQgOyYPrvOhBtIp6//5UhksFY2h90lHu7Dm6FTUKlUyTzh
qKVSro4FL87OA2opuPwAOsbX/96XZEgHlHs2mOy2dGkDCZ2LF6KjWARanSIixBFV
2ARsj6ck+O9S+8KBVGEFBPPKN0fNZ7Irhivv/rR+w1AZLMsbLvdGdm4CarrMEogX
daPXwiWnMNsWadMVMIeHpjdYprVw/vfIDCqBXwZfLnDeHxtHgMxyNx0uuXrBPDWu
HjrB8Uo0/MSp55QyOSY4DLhQWVTC9mNc5CKcMmnmOQtH4niGyXc+D7k2pa7dKHPY
NLggsaiNOKiTjUpcgGEOz191Q7vVDGpGCuV81C9k+AYMWToXnffGXYO62zk0NeIH
7sZ9feNCTZHLlFDF0v9KnnyXFLMTcgT0WXtw1RAcBY7UebcaBSS1ljyw45qGo+bA
3J/op5VbemkYblZScFvu
=Dlmy
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUvwrAxLndAQH1ShLAQK+ng//ebtDDm8rqVUgTlIYRFirISfhsCAeatBy
Csyp1ieHRq2c5kT4fFS17jyexLsJDHXFrTwXGkTQ6e1XMpnQHlKF0kSPVUldeKlo
adIOBPfp2UxkSruaG1jNZbQCrZ1we9jVZ3olsbY/+S5M7h/bB4YVUpni749qJ2y1
lvSZuk6ART2mdEfCPsWELtSbTPJ7oYSJgTBK0TcF+CMkoGu5vGETZ5xc+NfmpNqj
JYovDSdB7pRnlXh+QbZg493mb0a1xtwAW7B2iKMHS/8deVb8EopWhkf20FxuKfcW
GYSXoBErm5gb1cYqCexb8siAz2nCoN8+FE2u74mBygb4+thp/JV69HSVtx5qv58B
0fSEg2nJgIK40KjSBp5mMcuRoOT1vNZaRvuCNd3fAhlJPk7dSH9F3P0Wb2XpdkH8
mpuTKBECHPzjZOskerK73bpG2NzoJqHBPyIWZGQs5i+uuo98/Tqk3kI1EZeUhxjl
+fK9iUNyeISzjY06e+yKL9JIoy00wmYUChWwU1sVEg1W61vrYDxzWuptC043cBx5
fZYOIsYfp6Qtwacg+tWWA6Qf1yzZhrf2YKVPTcudmx9ivRy7CSeCApJEja7zZnF9
SWJRD1IN0kPnFOSpUONPPfNq/ZdMGrGorVHr5c7E1eaulGLn0lqg11TMVhb5p/cv
Ig55j5MdItc=
=XyMu
-----END PGP SIGNATURE-----