Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0315 Cumulative Security Update for Internet Explorer (2925418) 12 March 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Publisher: Microsoft Operating System: Windows XP Windows Server 2003 Windows Vista Windows Server 2008 Windows 7 Windows Server 2008 R2 Windows 8 Windows Server 2012 Windows RT Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-0324 CVE-2014-0322 CVE-2014-0321 CVE-2014-0314 CVE-2014-0313 CVE-2014-0312 CVE-2014-0311 CVE-2014-0309 CVE-2014-0308 CVE-2014-0307 CVE-2014-0306 CVE-2014-0305 CVE-2014-0304 CVE-2014-0303 CVE-2014-0302 CVE-2014-0299 CVE-2014-0298 CVE-2014-0297 Reference: ESB-2014.0213 Original Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms14-012 - --------------------------BEGIN INCLUDED TEXT-------------------- Microsoft Security Bulletin MS14-012 - Critical Cumulative Security Update for Internet Explorer (2925418) Published Date: March 11, 2014 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and seventeen privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows clients, and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows servers. Affected Software Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Vulnerability Information Multiple Memory Corruption Vulnerabilities in Internet Explorer Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Internet Explorer Memory Corruption Vulnerability CVE-2014-0297 Internet Explorer Memory Corruption Vulnerability CVE-2014-0298 Internet Explorer Memory Corruption Vulnerability CVE-2014-0299 Internet Explorer Memory Corruption Vulnerability CVE-2014-0302 Internet Explorer Memory Corruption Vulnerability CVE-2014-0303 Internet Explorer Memory Corruption Vulnerability CVE-2014-0304 Internet Explorer Memory Corruption Vulnerability CVE-2014-0305 Internet Explorer Memory Corruption Vulnerability CVE-2014-0306 Internet Explorer Memory Corruption Vulnerability CVE-2014-0307 Internet Explorer Memory Corruption Vulnerability CVE-2014-0308 Internet Explorer Memory Corruption Vulnerability CVE-2014-0309 Internet Explorer Memory Corruption Vulnerability CVE-2014-0311 Internet Explorer Memory Corruption Vulnerability CVE-2014-0312 Internet Explorer Memory Corruption Vulnerability CVE-2014-0313 Internet Explorer Memory Corruption Vulnerability CVE-2014-0314 Internet Explorer Memory Corruption Vulnerability CVE-2014-0321 Internet Explorer Memory Corruption Vulnerability CVE-2014-0322 Internet Explorer Memory Corruption Vulnerability CVE-2014-0324 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUx+cgBLndAQH1ShLAQLzhhAAroQH4qIqozdtSETGjRg2MiQN8rDBjJWk 3bGj9KxCj42V+EQ6zrgBKhFRCH/v6KkvfvTT/T0ag64zNVVcWypX0XArK1OJ0rNA zSSm5GASqy1IEdfbPK8tt4x6T/BNJHc5B0snjvlX/fFB1wMfV7t/RDzgUmMD1yY3 O3C0hN4NsEWO6iWVFq4sdZXP7h9sb17hwP+vEjqES3EK+bIN2kSaRTurLsNehJFu ulR13g6PGfJSMlLyg/HChSQMegqrcTuHJl2dJCGE8p0ghEz8iS3/7Fr37rlc18rf vHNpwXvdyTPAe73DHdPH1CMp98zRDwDmV+nrcadkqLQNNzlnYhm56lDRJr8obdBS 58757apsSz7VAD8n5F/IqulAXw4Mv7L5/XISSj7mtEHc6hsF9SdbHLdkVeyq/eK2 nBhyqc5BH6qlc/3Dk9Q6LNZdJq1FOX65jetUSbVxp1NFl5MewO7NKIQpIvQc7sNn oer1OokTRkDBn9otKsF11U33t+jOaX0UGiS2Vu3iBed1bSQX34IqzFS5Kxws4fPU blf+sn2Jjw/c/62myUZIOA0pGlEg2V+53mlrajBP+BznvZdja+Q3KOkN4XgXGBUH usfQg0Z9hoVAI5B6/totph2EJRyX6sUz1I7pr0Ls/o2QmAmIZvVsjjULEoWWBJoz 9VUFFSxHX2c= =QSG1 -----END PGP SIGNATURE-----