Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2332
Cumulative Security Update for Internet Explorer (3008923)
9 December 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Internet Explorer
Publisher: Microsoft
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-8966 CVE-2014-6376 CVE-2014-6375
CVE-2014-6374 CVE-2014-6373 CVE-2014-6369
CVE-2014-6368 CVE-2014-6366 CVE-2014-6365
CVE-2014-6330 CVE-2014-6329 CVE-2014-6328
CVE-2014-6327
Original Bulletin:
https://technet.microsoft.com/library/security/ms14-080
- --------------------------BEGIN INCLUDED TEXT--------------------
Microsoft Security Bulletin MS14-080 - Critical
Cumulative Security Update for Internet Explorer (3008923)
Published: December 9, 2014
Version: 1.0
Executive Summary
This security update resolves fourteen privately reported vulnerabilities in
Internet Explorer. The most severe of these vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using Internet
Explorer. An attacker who successfully exploited these vulnerabilities could
gain the same user rights as the current user. Customers whose accounts are
configured to have fewer user rights on the system could be less impacted than
those who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6 (IE 6),
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on
affected Windows clients, and Moderate for Internet Explorer 6 (IE 6),
Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9
(IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on
affected Windows servers.
Affected Software
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Vulnerability Information
Multiple Memory Corruption Vulnerabilities in Internet Explorer
Remote code execution vulnerabilities exist when Internet Explorer improperly
accesses objects in memory. These vulnerabilities could corrupt memory in such
a way that an attacker could execute arbitrary code in the context of the
current user. The update addresses the vulnerabilities by modifying the way
that Internet Explorer handles objects in memory.
Vulnerability title CVE number Publicly Exploited
Disclosed
Internet Explorer Memory CVE-2014-6327 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6329 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6330 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6366 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6369 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6373 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6374 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6375 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-6376 No No
Corruption Vulnerability
Internet Explorer Memory CVE-2014-8966 No No
Corruption Vulnerability
Multiple XSS Filter Bypass Vulnerabilities in Internet Explorer
XSS filter bypass vulnerabilities exist in the way that Internet Explorer
disables an HTML attribute in otherwise appropriately filtered HTTP response
data. The vulnerabilities could allow initially disabled scripts to run in the
wrong security context, leading to information disclosure.
Vulnerability title CVE number Publicly Exploited
Disclosed
Internet Explorer XSS Filter CVE-2014-6328 No No
Bypass Vulnerability
Internet Explorer XSS Filter CVE-2014-6365 No No
Bypass Vulnerability
Internet Explorer ASLR Bypass Vulnerability - CVE-2014-6368
A security feature bypass vulnerability exists when Internet Explorer does not
use the Address Space Layout Randomization (ASLR) security feature, allowing an
attacker to more reliably predict the memory offsets of specific instructions
in a given call stack. This vulnerability could allow an attacker to bypass the
Address Space Layout Randomization (ASLR) security feature, which helps protect
users from a broad class of vulnerabilities. The security feature bypass by
itself does not allow arbitrary code execution. However, an attacker could use
this ASLR bypass vulnerability in conjunction with another vulnerability, such
as a remote code execution vulnerability, that could take advantage of the ASLR
bypass to run arbitrary code. For example, a remote code execution
vulnerability that is blocked by ASLR, could be exploited after a successful
ASLR bypass.
Vulnerability title CVE number Publicly Disclosed Exploited
Internet Explorer ASLR CVE-2014-6368 No No
Bypass Vulnerability
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVId5JxLndAQH1ShLAQJcCw/+Ir8/0AzQL2DmXYVhDkuL0EfcG7XiBVdj
lxOvtUZXb/MKxTfthP9Y7CzM/Km0T+p9gsExDQLwawuIf2lUq0EWbNTbmOg8wIMp
eCF4RhKRkUbTRuqTDxk84ydK87tcRYUPWiDwUvr/OUUdcf+6GQXevw8obxLgmv/E
FAzHprKObjUbR4ZxPFjrCywtd+5nJs5SgC2F3+Iouv5g2I9OCeRGFXC4VvUSp9MX
JY/0gbvSo6NUbIkcp4S9G7BvW8uTmP8y8tt9VGQGiUn/eSQqlbvlgqDQV4Jnrnhq
ep0XV/KtFFuULBni6sxRjxVW9VReM0bktd1XmAIyBZuXeP/8CZ30NSgDsnQo071c
9Q2YeQYiPCRLnz2p30l16uY/0w/VdT7P+YSpWhmYzA9Xx7VW7zlRkaGRddbC7qQz
mU3w6EPguNTFiZrePdfOPxPMcQgsIPhd/jLXA02hyGg7ez2e++wvrHEFfjqfXUWV
x+RV2eCJgNjCuHz6NTcs90XpkzzmJemtuXKjSsJ5wl0jVQk3NdNYPFpgqoVs0TXl
gd9+v7iDOPPdsWtctsdjI5F229ArKUMQ9JYcsOp/p2oJLwlUJVXWBaY+BzK0bvMY
PT9VNTKGuQFKsjj2wfPth3soCSA2XCZ9csNTjh7NG7eodW68Fb7OVgdZ1Ns4jVsm
mxYFKaVT38o=
=BSgy
-----END PGP SIGNATURE-----