September 2014 Patch Tuesday Includes Fixes for Critical IE Vulnerabilities

For this month’s patch Tuesday, Microsoft released four security bulletins, addressing flaws found in Internet Explorer, Microsoft .NET Framework, Microsoft Windows, and Microsoft Lync server.  One bulletin is rated as ‘Critical’ while the rest are tagged as ‘Important’.

One of the notable bulletins in this month’s cycle is MS14-052, which addresses thirty-six vulnerabilities found in Internet Explorer. IE 6 to 11 are affected by these vulnerabilities.

MS14-053 resolves issues found in the Microsoft .NET Framework that could allow denial of service once exploited successfully by attackers. Similarly, when the vulnerabilities addressed in MS14-055 are leveraged by attackers it could also lead to denial of service. On the other hand, Adobe also plans to release security updates addressing vulnerabilities in Adobe Flash Player and Adobe Reader and Acrobat by September 15.

Although this month’s security updates are relatively few compared to the previous months, it is highly advisable to update systems with the latest patches to protect it  from threats leveraging such vulnerabilities.

Trend Micro Deep Security and Office Scan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage vulnerabilities discussed in MS14-052 via the following DPI rules:

  • 1006164 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2799)
  • 1006219 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4065)
  • 1006224 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4080)
  • 1006227 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4081)
  • 1006230 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4082)
  • 1006221 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4084)
  • 1006229 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4086)
  • 1006222 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4087)
  • 1006225 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4088)
  • 1006220 – Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4089)
  • 1006223 – Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4092)
  • 1006226 – Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4094)
  • 1006228 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4095)

The rules above also protect users of Internet Explorer on Windows XP, which is no longer being supported by Microsoft.

 

 

Via: trendmicro


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *