Today we released eight security bulletins addressing 24 unique CVEs. Three bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your environment. The "Max exploitability" column is the Exploitability Index value (0 = exploitation detected in the wild, 1 = exploitation more likely, 2 = exploitation less likely, 3 = exploitation unlikely).
Bulletin | Most likely attack vector | Max Bulletin Severity | Max exploitability | Platform mitigations and key notes |
---|---|---|---|---|
MS14-058(Kernel mode drivers [win32k.sys]) | Attacker loads a malicious font on the user's computer using an Office document or web browser, which results in remote code execution. | Critical | 0. Exploitation of CVE-2014-4148 and CVE-2014-4113 detected in the wild. CVE-2014-4148 is used for remote code execution; CVE-2014-4113 is used for elevation of privilege. | CVE-2014-4113 is not exploitable on 32-bit platforms if the NULL-page mapping mitigation is enabled (configurable on Windows 7, enabled by default on Windows 8 and above). |
MS14-056(Internet Explorer) | Victim browses to a malicious webpage. | Critical | 0. Exploitation of CVE-2014-4123 detected in the wild, used as a sandbox escape. | No remote code execution vulnerabilities being addressed in this update are known to be under active attack. |
MS14-057(.NET Framework) | An attacker sends malicious data to a vulnerable web application. | Critical | 1 | |
MS14-060(Windows OLE Component) | Victim opens a malicious Office document that exploits the vulnerability, resulting in a malicious executable being run. | Important | 0. Exploitation of CVE-2014-4114 detected in the wild. | Using a non-administrator account or setting UAC to "Always Prompt" helps mitigate the impact of this vulnerability. |
MS14-061(Word) | Victim opens a malicious Word document. | Important | 1 | |
MS14-062(Kernel mode drivers [msmq.sys]) | Attacker running code at low privilege runs exploit binary to elevate to SYSTEM. | Important | 1 | This vulnerability only affects Windows Server 2003. |
MS14-063(Kernel mode drivers [fastfat.sys]) | Attacker with physical access plugs a malicious USB stick into the computer. | Important | 2 | Requires the ability to physically plug a USB stick into the computer. |
MS14-059(ASP.NET MVC) | Victim opens a malicious link. | Important | 3 | This is a Cross-Site Scripting vulnerability. The XSS Filter, which is enabled by default in IE8-IE11 in the Internet Zone, blocks attempts to exploit this vulnerability. |
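Three of the mitigations in the "Platform mitigations and key notes" column are local configuration state that can be checked before the updates are rolled out: whether the user runs as a non-administrator and has UAC at its strictest setting (MS14-060), whether the IE XSS Filter is still on for the Internet Zone (MS14-059), and whether the OS is one where the NULL-page mapping mitigation is on by default (MS14-058). The following PowerShell script is an added example written for this page, not code from the MSRC post. The registry paths and value meanings are the standard Windows and Internet Explorer settings; treating an absent zone value 1409 as "enabled" and the pass/fail wording in the report are this script's own assumptions, and it does not inspect the opt-in Windows 7 NULL-page setting, it only tells you to verify it.

```powershell
<#
  Added example (not from the MSRC post): audit the mitigations named in the bulletin table
  on the local machine. Requires PowerShell 3.0 or later (Get-CimInstance). Run it from the
  account whose exposure you want to assess, because the IE zone setting is per-user.
#>

function Test-IsAdministrator {
    # MS14-060 note: a non-administrator account limits what the dropped executable can do.
    # This checks the *effective* token, so a member of Administrators running a non-elevated
    # (UAC-filtered) session reports $false, which is the state that matters to the exploit.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacStatus {
    # The "Always notify" slider position is EnableLUA=1, ConsentPromptBehaviorAdmin=2
    # (prompt for consent on the secure desktop) and PromptOnSecureDesktop=1.
    # The Windows default is ConsentPromptBehaviorAdmin=5 (prompt only for non-Windows binaries).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        AlwaysNotify               = ($p.EnableLUA -eq 1 -and
                                      $p.ConsentPromptBehaviorAdmin -eq 2 -and
                                      $p.PromptOnSecureDesktop -eq 1)
    }
}

function Test-IeXssFilterInternetZone {
    # MS14-059 note: zone 3 is the Internet Zone; value 1409 is "Turn on Cross-Site Scripting
    # Filter" (0 = enable, 3 = disable). A Group Policy value under ...\Policies\... overrides
    # the per-user value, so policy keys are consulted first. An absent value is treated as
    # the IE8+ default (enabled); that is an assumption of this script.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
        'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    )
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name '1409' -ErrorAction SilentlyContinue
        if ($null -ne $item) { return ($item.'1409' -eq 0) }
    }
    return $true
}

function Get-NullPageMitigationStatus {
    # MS14-058 note: the CVE-2014-4113 exploit needs to map the NULL page. Windows 8
    # (build 9200) and later refuse that by default; on Windows 7 the mitigation is opt-in,
    # so older builds are only flagged for manual verification here.
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    $status = if ($build -ge 9200) { 'EnabledByDefault' } else { 'Verify (opt-in on Windows 7 and earlier)' }
    [pscustomobject]@{
        Build              = $build
        Is64BitOS          = [Environment]::Is64BitOperatingSystem
        NullPageMitigation = $status
    }
}

function Invoke-MitigationAudit {
    $uac = Get-UacStatus
    $np  = Get-NullPageMitigationStatus
    [pscustomobject]@{
        RunningAsAdministrator     = Test-IsAdministrator
        UacAlwaysNotify            = $uac.AlwaysNotify
        ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
        IeXssFilterInternetZone    = Test-IeXssFilterInternetZone
        OsBuild                    = $np.Build
        Is64BitOS                  = $np.Is64BitOS
        NullPageMitigation         = $np.NullPageMitigation
    }
}

Invoke-MitigationAudit | Format-List
```

A machine reporting `RunningAsAdministrator : True` with `UacAlwaysNotify : False` has neither of the MS14-060 mitigations in place and belongs at the front of the deployment queue; `IeXssFilterInternetZone : False` means the MS14-059 entry should be treated as exploitable rather than filtered. Interpret `NullPageMitigation` together with `Is64BitOS`, since the table only states the protection for 32-bit platforms.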
- Joe Bialek and Suha Can, MSRC Engineering