Kaspersky Threats

Detect date

?

11/11/2014

Severity

?

Critical

Description

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper input validation can be exploited locally via a specially designed input;
Improper thread handling can be exploited locally via unknown vectors;
Improper 2D figures handling can be exploited remotely via a specially designed files;
Improper JPEG files parsing can be exploited remotely via a specially designed file or memory manipulations;
An unknown vulnerability can be exploited remotely via a specially designed web content;
An unknown vulnerability can be exploited remotely via vectors related to IPv6;
Improper handling objects in memory can be exploited remotely via an unknown vectors;
Improper file associations handling can be exploited remotely via vectors related to Windows Shell;
Improper user state validation can be exploited remotely via vectors related to SAMR;
Improper iSCSI packets handling can be exploited remotely via an unknown vectors;
An unknown vulnerability can be exploited remotely via vectors related to RDP, On-Screen keyboard, DirectShow, Internet Explorer, Microsoft IME for Japanese and Task Sheduler;
Improper .bat or .cmd files processing can be exploited locally via DLL hijack;
Improper passwords handling can be exploited remotely via share access;
Improper TCP implementation can be exploited remotely via a specially designed TCP header;
Use-After-free can be exploited remotely via a specially designed Office document;
Improper font files restrictions can be exploited locally via a specially designed file;
Improper signatures validation can be exploited remotely via vectors related to Kerberos KDC;
Memory leak can be exploited remotely via a specially designed client;
Double free vulnerability can be exploited locally via a specially designed application;
An unknown vulnerability can be exploited via specially designed application;
Improper addresses validation can be exploited locally via specially designed IOCTL call;
Improper XML handling can be exploited remotely via a specially designed XML content;
Improper permissions validation can be exploited remotely via vectors related to Microsoft audio component;
Improper handling failed login attempts can be exploited via vectors related to RDP;
Improper memory allocation can be exploited remotely via a specially designed USB device;
An unknown vulnerability can be exploited remotely via a specially designed OLE object;
Improper packets handling can be exploited remotely via a vectors related to Secure Channel;
An unknown vulnerability can be exploited remotely via a specially designed Journal.

Affected products

Windows XP Service pack 3
Windows XP Professional x64 Service Pack 3
Windows Server 2003 x86, x64, Itanium Service Pack 2
Windows Vista x86, x64 Service Pack 2
Windows Server 2008 x86, x64, Itanium Service Pack 2
Windows 7 x86, x64 Service Pack 1
Windows Server 2008 R2 x64, Itanium Service Pacl 1
Windows 8 x86, x64
Windows 8.1 x86, x64
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2014-1816
CVE-2014-6532
CVE-2014-0266
CVE-2014-4076
CVE-2014-6321
CVE-2014-6322
CVE-2014-6324
CVE-2014-1767
CVE-2014-4077
CVE-2014-4074
CVE-2014-1807
CVE-2013-5065
CVE-2014-0300
CVE-2014-0323
CVE-2014-4971
CVE-2014-0301
CVE-2014-0262
CVE-2014-0263
CVE-2014-4115
CVE-2014-4113
CVE-2014-0315
CVE-2014-0316
CVE-2014-0317
CVE-2014-0255
CVE-2014-0318
CVE-2014-4118
CVE-2014-6352
CVE-2014-6332
CVE-2014-0296
CVE-2014-0256
CVE-2014-1811
CVE-2014-0254
CVE-2014-1819
CVE-2014-6355
CVE-2014-2780
CVE-2014-2781
CVE-2014-1812
CVE-2014-4064
CVE-2014-6318
CVE-2014-1814
CVE-2014-4060
CVE-2014-1824
CVE-2014-6317
CVE-2014-4114
CVE-2014-4148

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

WLF

[?]

PE

[?]

RLF

[?]

SUI

[?]

LoI

[?]

Related products

Microsoft Windows Vista
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2003
Windows RT
Microsoft Windows XP

CVE-IDS

?

Microsoft official advisories

Microsoft Security Update Guide

KB list

2966631
2957482
2966061
2939576
2922229
2973201
2975689
2957189
3013126
2969259
2929961
3010788
2984615
2914368
3003743
3002885
2904659
2961858
3005607
2962490
2592687
2966034
2993958
2988948
2961072
2926765
2973932
2962123
2998579
2989935
2973906
2961899
2933826
2962478
2975685
2975684
2916036
2975681
2978742
2933528
2934418
2993254
2978668
2974286
2928120
2991963
2992611
3000869
3011443
2923392
2962488
2918614
2962485
2889913
2912390
2962486
2930275
2919355
2965788
2972280
2962073
2971850
2992719
2993651
3000061
2913602
2976897
2973408
3006226
3011780

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region

Detect date ?	11/11/2014
Severity ?	Critical
Description	Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities Improper input validation can be exploited locally via a specially designed input; Improper thread handling can be exploited locally via unknown vectors; Improper 2D figures handling can be exploited remotely via a specially designed files; Improper JPEG files parsing can be exploited remotely via a specially designed file or memory manipulations; An unknown vulnerability can be exploited remotely via a specially designed web content; An unknown vulnerability can be exploited remotely via vectors related to IPv6; Improper handling objects in memory can be exploited remotely via an unknown vectors; Improper file associations handling can be exploited remotely via vectors related to Windows Shell; Improper user state validation can be exploited remotely via vectors related to SAMR; Improper iSCSI packets handling can be exploited remotely via an unknown vectors; An unknown vulnerability can be exploited remotely via vectors related to RDP, On-Screen keyboard, DirectShow, Internet Explorer, Microsoft IME for Japanese and Task Sheduler; Improper .bat or .cmd files processing can be exploited locally via DLL hijack; Improper passwords handling can be exploited remotely via share access; Improper TCP implementation can be exploited remotely via a specially designed TCP header; Use-After-free can be exploited remotely via a specially designed Office document; Improper font files restrictions can be exploited locally via a specially designed file; Improper signatures validation can be exploited remotely via vectors related to Kerberos KDC; Memory leak can be exploited remotely via a specially designed client; Double free vulnerability can be exploited locally via a specially designed application; An unknown vulnerability can be exploited via specially designed application; Improper addresses validation can be exploited locally via specially designed IOCTL call; Improper XML handling can be exploited remotely via a specially designed XML content; Improper permissions validation can be exploited remotely via vectors related to Microsoft audio component; Improper handling failed login attempts can be exploited via vectors related to RDP; Improper memory allocation can be exploited remotely via a specially designed USB device; An unknown vulnerability can be exploited remotely via a specially designed OLE object; Improper packets handling can be exploited remotely via a vectors related to Secure Channel; An unknown vulnerability can be exploited remotely via a specially designed Journal.
Affected products	Windows XP Service pack 3 Windows XP Professional x64 Service Pack 3 Windows Server 2003 x86, x64, Itanium Service Pack 2 Windows Vista x86, x64 Service Pack 2 Windows Server 2008 x86, x64, Itanium Service Pack 2 Windows 7 x86, x64 Service Pack 1 Windows Server 2008 R2 x64, Itanium Service Pacl 1 Windows 8 x86, x64 Windows 8.1 x86, x64 Windows Server 2012 Windows Server 2012 R2 Windows RT Windows RT 8.1
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2014-1816 CVE-2014-6532 CVE-2014-0266 CVE-2014-4076 CVE-2014-6321 CVE-2014-6322 CVE-2014-6324 CVE-2014-1767 CVE-2014-4077 CVE-2014-4074 CVE-2014-1807 CVE-2013-5065 CVE-2014-0300 CVE-2014-0323 CVE-2014-4971 CVE-2014-0301 CVE-2014-0262 CVE-2014-0263 CVE-2014-4115 CVE-2014-4113 CVE-2014-0315 CVE-2014-0316 CVE-2014-0317 CVE-2014-0255 CVE-2014-0318 CVE-2014-4118 CVE-2014-6352 CVE-2014-6332 CVE-2014-0296 CVE-2014-0256 CVE-2014-1811 CVE-2014-0254 CVE-2014-1819 CVE-2014-6355 CVE-2014-2780 CVE-2014-2781 CVE-2014-1812 CVE-2014-4064 CVE-2014-6318 CVE-2014-1814 CVE-2014-4060 CVE-2014-1824 CVE-2014-6317 CVE-2014-4114 CVE-2014-4148
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] WLF [?] PE [?] RLF [?] SUI [?] LoI [?]
Related products	Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2003 Windows RT Microsoft Windows XP
CVE-IDS ?	CVE-2014-18164.3Warning CVE-2014-65329.3Critical CVE-2014-02667.1High CVE-2014-40767.2High CVE-2014-63224.3Warning CVE-2014-63249.0Critical CVE-2014-17677.2High CVE-2014-40779.3Critical CVE-2014-40747.2High CVE-2014-18077.2High CVE-2013-50657.2High CVE-2014-03007.2High CVE-2014-03236.6High CVE-2014-49717.2High CVE-2014-03019.3Critical CVE-2014-02627.2High CVE-2014-02639.3Critical CVE-2014-41157.2High CVE-2014-41137.2High CVE-2014-03156.9High CVE-2014-03167.5Critical CVE-2014-03175.4High CVE-2014-02555.0Critical CVE-2014-03187.2High CVE-2014-41189.3Critical CVE-2014-63529.3Critical CVE-2014-63329.3Critical CVE-2014-02965.1High CVE-2014-02565.0Critical CVE-2014-18115.0Critical CVE-2014-02547.8Critical CVE-2014-18197.2High CVE-2014-63555.0Critical CVE-2014-27806.9High CVE-2014-27817.6Critical CVE-2014-18129.0Critical CVE-2014-40644.9Warning CVE-2014-63184.3Warning CVE-2014-18147.2High CVE-2014-40606.8High CVE-2014-18249.3Critical CVE-2014-63177.1High CVE-2014-41149.3Critical CVE-2014-41489.3Critical
Microsoft official advisories	Microsoft Security Update Guide
KB list	2966631 2957482 2966061 2939576 2922229 2973201 2975689 2957189 3013126 2969259 2929961 3010788 2984615 2914368 3003743 3002885 2904659 2961858 3005607 2962490 2592687 2966034 2993958 2988948 2961072 2926765 2973932 2962123 2998579 2989935 2973906 2961899 2933826 2962478 2975685 2975684 2916036 2975681 2978742 2933528 2934418 2993254 2978668 2974286 2928120 2991963 2992611 3000869 3011443 2923392 2962488 2918614 2962485 2889913 2912390 2962486 2930275 2919355 2965788 2972280 2962073 2971850 2992719 2993651 3000061 2913602 2976897 2973408 3006226 3011780
Exploitation	Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10601Multiple vulnerabilities in Microsoft products

KLA10601
Multiple vulnerabilities in Microsoft products