November Patch Tuesday: Microsoft Rolls Out 14 Security Bulletins
Microsoft has rolled out 14 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Office, Microsoft Windows, Microsoft Windows Object Linking and Embedding (OLE), and Microsoft .NET Framework, among others. Of these security bulletins, four are tagged as Critical and eight are rated as Important.
One of the notable bulletins is MS14-065, which fixes several vulnerabilities in Internet Explorer. All supported versions of the browser are affected by these vulnerabilities, which could lead to remote code execution.
Another crucial bulletin is MS14-064, which resolves vulnerabilities in Microsoft Windows Object Linking and Embedding (OLE), including those covered in CVE-2014-6352, related to Sandworm attacks. This CVE was released because a new exploit reportedly bypassed the security update for CVE-2014-4114. Last October, Microsoft patched the vulnerabilities covered in CVE-2014-4114. However, a week later, new attacks leveraging these vulnerabilities were seen in the wild.
Server administrators should be especially concerned about MS14-066 as well. This bulletin addresses a significant vulnerability in Microsoft Schannel (the implementation of SSL/TLS in Windows) that allows attackers to run code on an affected system if specially crafted packets are sent to it. This attack can be compared to Shellshock, which could be exploited using a similar method.
Aside from Microsoft, Adobe also released a security update for Adobe Flash Player, addressing vulnerabilities that could lead to an attacker taking control of affected systems. As such, users are advised to update to the latest version of Adobe Flash Player.
Users are advised to apply the patches for these vulnerabilities immediately. Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities via the following DPI rules:
- 1006324 – Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332)
- 1006290 – Microsoft Windows OLE Remote Code Execution Vulnerability
- 1006291 – Microsoft Windows OLE Remote Code Execution Vulnerability -1
- 1006292 – Microsoft Windows OLE Remote Code Execution Vulnerability Over SMB
- 1006294 – Microsoft Windows OLE Remote Code Execution Vulnerability Over WebDAV
- 1006315 – Microsoft Windows OLE Remote Code Execution Vulnerability -2
- 1006321 – Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4143)
- 1006330 – Microsoft Internet Explorer Clipboard Information Disclosure Vulnerability (CVE-2014-6323)
- 1006332 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6337)
- 1006329 – Microsoft Internet Explorer ASLR Bypass Vulnerability (CVE-2014-6339)
- 1006333 – Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (CVE-2014-6340)
- 1006334 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6341)
- 1006331 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6342)
- 1006340 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6343)
- 1006341 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6344)
- 1006338 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6347)
- 1006335 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6348)
- 1006336 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6351)
- 1006337 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-6353)
- 1006327 – Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321)
- 1006339 – Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2014-4118)
- 1006323 – Microsoft Office Remote Code Execution Vulnerability (CVE-2014-6333)
- 1006322 – Microsoft Office Bad Index Remote Code Execution Vulnerability (CVE-2014-6334)
- 1006320 – Microsoft Office Invalid Pointer Remote Code Execution Vulnerability (CVE-2014-6335)
- 1000552 – Generic Cross Site Scripting(XSS) Prevention
- 1001126 – DNS Domain Blocker
For more information on the bulletins and their corresponding Trend Micro solutions, visit the Threat Encyclopedia Page.
Post from: Trendlabs Security Intelligence Blog – by Trend Micro