Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.2332 Cumulative Security Update for Internet Explorer (3008923) 9 December 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Internet Explorer Publisher: Microsoft Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-8966 CVE-2014-6376 CVE-2014-6375 CVE-2014-6374 CVE-2014-6373 CVE-2014-6369 CVE-2014-6368 CVE-2014-6366 CVE-2014-6365 CVE-2014-6330 CVE-2014-6329 CVE-2014-6328 CVE-2014-6327 Original Bulletin: https://technet.microsoft.com/library/security/ms14-080 - --------------------------BEGIN INCLUDED TEXT-------------------- Microsoft Security Bulletin MS14-080 - Critical Cumulative Security Update for Internet Explorer (3008923) Published: December 9, 2014 Version: 1.0 Executive Summary This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. Affected Software Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 Internet Explorer 9 Internet Explorer 10 Internet Explorer 11 Vulnerability Information Multiple Memory Corruption Vulnerabilities in Internet Explorer Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory. Vulnerability title CVE number Publicly Exploited Disclosed Internet Explorer Memory CVE-2014-6327 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6329 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6330 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6366 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6369 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6373 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6374 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6375 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-6376 No No Corruption Vulnerability Internet Explorer Memory CVE-2014-8966 No No Corruption Vulnerability Multiple XSS Filter Bypass Vulnerabilities in Internet Explorer XSS filter bypass vulnerabilities exist in the way that Internet Explorer disables an HTML attribute in otherwise appropriately filtered HTTP response data. The vulnerabilities could allow initially disabled scripts to run in the wrong security context, leading to information disclosure. Vulnerability title CVE number Publicly Exploited Disclosed Internet Explorer XSS Filter CVE-2014-6328 No No Bypass Vulnerability Internet Explorer XSS Filter CVE-2014-6365 No No Bypass Vulnerability Internet Explorer ASLR Bypass Vulnerability - CVE-2014-6368 A security feature bypass vulnerability exists when Internet Explorer does not use the Address Space Layout Randomization (ASLR) security feature, allowing an attacker to more reliably predict the memory offsets of specific instructions in a given call stack. This vulnerability could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code. For example, a remote code execution vulnerability that is blocked by ASLR, could be exploited after a successful ASLR bypass. Vulnerability title CVE number Publicly Disclosed Exploited Internet Explorer ASLR CVE-2014-6368 No No Bypass Vulnerability - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVId5JxLndAQH1ShLAQJcCw/+Ir8/0AzQL2DmXYVhDkuL0EfcG7XiBVdj lxOvtUZXb/MKxTfthP9Y7CzM/Km0T+p9gsExDQLwawuIf2lUq0EWbNTbmOg8wIMp eCF4RhKRkUbTRuqTDxk84ydK87tcRYUPWiDwUvr/OUUdcf+6GQXevw8obxLgmv/E FAzHprKObjUbR4ZxPFjrCywtd+5nJs5SgC2F3+Iouv5g2I9OCeRGFXC4VvUSp9MX JY/0gbvSo6NUbIkcp4S9G7BvW8uTmP8y8tt9VGQGiUn/eSQqlbvlgqDQV4Jnrnhq ep0XV/KtFFuULBni6sxRjxVW9VReM0bktd1XmAIyBZuXeP/8CZ30NSgDsnQo071c 9Q2YeQYiPCRLnz2p30l16uY/0w/VdT7P+YSpWhmYzA9Xx7VW7zlRkaGRddbC7qQz mU3w6EPguNTFiZrePdfOPxPMcQgsIPhd/jLXA02hyGg7ez2e++wvrHEFfjqfXUWV x+RV2eCJgNjCuHz6NTcs90XpkzzmJemtuXKjSsJ5wl0jVQk3NdNYPFpgqoVs0TXl gd9+v7iDOPPdsWtctsdjI5F229ArKUMQ9JYcsOp/p2oJLwlUJVXWBaY+BzK0bvMY PT9VNTKGuQFKsjj2wfPth3soCSA2XCZ9csNTjh7NG7eodW68Fb7OVgdZ1Ns4jVsm mxYFKaVT38o= =BSgy -----END PGP SIGNATURE-----