Today we released fourteen security bulletins addressing 33 unique CVEs. Four bulletins have a maximum severity rating of Critical, eight have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. This table is designed to help you prioritize the deployment of updates appropriately for your environment.
Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability | Deployment Priority | Platform mitigations and key notes |
---|---|---|---|---|---|
MS14-064 (Windows OLE Component) | User opens malicious Office document. | Critical | 0 | 1 | CVE-2014-6352 used in limited, targeted attacks in the wild. |
MS14-066 (SChannel) | A malicious user sends specially crafted packets to an exposed service. | Critical | 1 | 1 | Internally found during a proactive security assessment. |
MS14-065 (Internet Explorer) | User browses to a malicious webpage. | Critical | 1 | 1 | |
MS14-069 (Office) | User opens malicious Word document. | Important | 1 | 2 | Office 2010 and later versions are not affected by any of the vulnerabilities in this bulletin. |
MS14-067 (MSXML) | User browses to a malicious webpage. | Critical | 2 | 2 | Only MSXML 3 is vulnerable. |
MS14-073 (SharePoint) | User opens a malicious link. | Important | 2 | 2 | This is a Cross Site Scripting vulnerability. |
MS14-078 (IME) | User opens a malicious PDF document with Adobe Reader. | Moderate | 0 | 3 | CVE-2014-4077 used in one targeted attack in the wild to bypass Adobe Reader Sandbox via binary hijacking using a malicious DIC file. |
MS14-071 (Windows Audio Service) | User browses to a malicious webpage. | Important | 2 | 3 | Local elevation of privilege only; could potentially be utilized as a sandbox escape. |
MS14-070 (tcpip.sys) | An authenticated Windows user runs a malicious program on the target system. | Important | 2 | 3 | Local elevation of privilege only. |
MS14-072 (.NET Framework) | Attacker sends malicious data to a vulnerable web application. | Important | 2 | 3 | Applications not using .NET Remoting are not vulnerable. |
MS14-076 (IIS) | A whitelist-only site could be accessed by an attacker not connected to the proper domain. A blacklist could be similarly bypassed. | Important | 3 | 3 | The vulnerability manifests itself in configurations where the Domain Name Restrictions whitelist and blacklist features are used with entries that contain wildcards. IP Address Restrictions are not affected. |
MS14-074 (RDP) | An authorization audit log could be bypassed in some scenarios. | Important | 3 | 3 | The vulnerability only applies to failed AuthZ scenarios, and not to failed AuthN. For example, if a valid user logon is attempted for a user that does not have privilege to RDP into a server, that event log may not be recorded. Event logs will still be recorded if an invalid user or password is presented. |
MS14-077 (ADFS) | An authenticated user could not be logged out in some configurations. | Important | 3 | 3 | Manifests itself in a specific configuration where the ADFS server is configured to use a SAML Relying Party with no sign-out endpoint configured. |
MS14-079 (Kernel Mode Drivers [win32k.sys]) | User browses to malicious webpage. | Moderate | 3 | 3 | The vulnerability leads to denial of service only. |
- Suha Can, MSRC Engineering