New Security Bulletins
Microsoft is releasing the following eight (8) new security bulletins for newly discovered vulnerabilities:
| BULLETIN NUMBER | SEVERITY | BULLETIN TITLE & KB Article | AFFECTED SOFTWARE* | IMPACT | RESTART | CVE Vulnerability # |
| | Critical | Cumulative Security Update for Internet Explorer (2987107) | Internet Explorer on all supported releases of Microsoft Windows. | Remote Code Execution | Requires | CVE-2014-4123, CVE-2014-4124, CVE-2014-4140, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4141 |
| | Critical | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414) | Microsoft .NET Framework 2.0 Service Pack 2, .NET Framework 3.5, .NET Framework 3.5.1, .NET Framework 4, and .NET Framework 4.5/4.5.1/4.5.2 on affected releases of Microsoft Windows. | Remote Code Execution | May Require | |
| | Critical | Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) | All supported releases of Microsoft Windows. | Remote Code Execution | Requires | |
| | Important | Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942) | ASP.NET MVC 2.0, ASP.NET MVC 3.0, ASP.NET MVC 4.0, ASP.NET MVC 5.0, and ASP.NET MVC 5.1. | Security Feature Bypass | May Require | |
| | Important | Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869) | | Remote Code Execution | May Require | |
| | Important | Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) | | Remote Code Execution | May Require | |
| | Important | Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) | | Elevation of Privilege | Requires | |
| | Important | Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) | All supported releases of Microsoft Windows except Microsoft Windows Server 2003. | Elevation of Privilege | Requires | |
Customers are advised to review the information in these bulletins, and to test and deploy the updates immediately in their environments, if applicable.

The Malicious Software Removal Tool and Non-Security Updates
· Microsoft is releasing an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Server Update Services (WSUS), Windows Update (WU), and the Download Center. Information on the Microsoft Windows Malicious Software Removal Tool is available at http://support.microsoft.com/?kbid=890830.
· High-priority non-security updates that Microsoft makes available on Microsoft Update (MU), Windows Update (WU), or Windows Server Update Services (WSUS) will be detailed in the KB article found at http://support.microsoft.com/?id=894199.

Rereleased Security Bulletin
Microsoft rereleased one (1) security bulletin on October 14, 2014. Here is an overview:
MS14-042 | Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621)
What Changed? | This security bulletin was rereleased to announce the offering of the security update via Microsoft Update, in addition to the Download-Center-only option that was provided when this bulletin was originally released. Customers who have already successfully updated their systems do not need to take any action.
Affected Software | This security update is rated Moderate for Microsoft Service Bus 1.1 when installed on affected editions of Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
More Information |

New Security Advisories
Microsoft published two (2) new security advisories on October 14, 2014. Here is an overview:
Security Advisory 2949927 | Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
Executive Summary | The purpose of this advisory is to inform customers of an update that adds functionality for the SHA-2 hashing algorithm to all supported editions of Windows 7 and Windows Server 2008 R2.
Affected Software |
· Microsoft is announcing the availability of an update for all supported editions of Windows 7 and Windows Server 2008 R2 to add support for SHA-2 signing and verification functionality.
· Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT, and Windows RT 8.1 do not require this update as SHA-2 signing and verification functionality is already included in these operating systems.
· This update is not available for Windows Server 2003, Windows Vista, or Windows Server 2008.
More Information |

Security Advisory 2977292 | Update for Microsoft EAP Implementation that Enables the Use of TLS
Executive Summary | The purpose of this advisory is to notify customers that an update is available for the Microsoft Extensible Authentication Protocol (EAP) implementation that enables the use of Transport Layer Security (TLS) 1.1 or 1.2.
Affected Software | All supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT.
More Information |

Re-released Security Advisories
Microsoft rereleased two (2) security advisories on October 14, 2014. Here is an overview:
Security Advisory 2871997 | Update to Improve Credentials Protection and Management
What Has Changed? | On October 14, 2014, Microsoft released the following updates. The applicable updates add a restricted admin mode for Remote Desktop Connection and Remote Desktop Protocol:
· 2984972 for supported editions of Windows 7 and Windows Server 2008 R2
· 2973501 for supported editions of Windows 8, Windows Server 2012, and Windows RT.
Executive Summary | This security advisory was originally released to announce the availability of updates for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 that improve credential protection and domain authentication controls to reduce credential theft.
Note on affected software: | Supported editions of Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 already include this feature and do not need this update.
More Information |

Security Advisory 2755801 | Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
What Has Changed? | Microsoft routinely updates this security advisory to announce the availability of a new update for Adobe Flash Player. On October 14, 2014, Microsoft released an update (3001237) for Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, and for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-22.
For more information about this update, including download links, see Microsoft Knowledge Base Article 3001237.
More Information |

Timeline For Out-of-Date ActiveX Control Blocking in Internet Explorer
In August, 2014, Microsoft announced via the Internet Explorer blog post "Stay up-to-date with Internet Explorer" that beginning January 12, 2016, the following operating system and browser combinations will be supported:
| Windows operating system | Internet Explorer version |
| Windows Vista SP2 | Internet Explorer 9 |
| Windows Server 2008 SP2 | Internet Explorer 9 |
| Windows 7 SP1 | Internet Explorer 11 |
| Windows Server 2008 R2 SP1 | Internet Explorer 11 |
| Windows 8.1 | Internet Explorer 11 |
| Windows Server 2012 | Internet Explorer 10 |
| Windows Server 2012 R2 | Internet Explorer 11 |

Support for Out-of-date ActiveX control blocking on Windows Vista and Windows Server 2008 SP2
Right now, the out-of-date ActiveX control blocking feature works on all of these combinations except Windows Vista SP2 and Windows Server 2008 SP2 with Internet Explorer 9. Today Microsoft has announced that support for these combinations (Windows Vista SP2 and Windows Server 2008 SP2 with Internet Explorer 9) is expected to start on November 11, 2014.

Out-of-date Silverlight blocking
In addition to the change mentioned above, it was announced today that starting on November 11, 2014, Microsoft will expand the out-of-date ActiveX control blocking feature to block outdated versions of Silverlight. This update notifies you when a webpage tries to load a Silverlight ActiveX control older than (but not including) Silverlight 5.1.30514.0.

Additional resources
Public Bulletin Webcast
Microsoft will host a webcast to address customer questions on these bulletins:
Title: Information about Microsoft October Security Bulletins (Level 200)
Date: Wednesday, October 15, 2014, 11:00 A.M. Pacific Time (U.S. and Canada)

New Security Bulletin Technical Details
In the following tables of affected and non-affected software, software editions that are not listed are past their support lifecycle. To determine the support lifecycle for your product and edition, visit the Microsoft Support Lifecycle web site at http://support.microsoft.com/lifecycle/.

Bulletin Identifier |
Bulletin Title | Cumulative Security Update for Internet Explorer (2987107)
Executive Summary | This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, by adding additional permission validations to Internet Explorer, and by helping to ensure that affected versions of Internet Explorer properly implement the ASLR security feature.
Severity Ratings and Affected Software | This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.
Attack Vectors |
Multiple Elevation of Privilege Vulnerabilities:
· In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit these vulnerabilities. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit these vulnerabilities.
CVE-2014-4140:
· An attacker could tie this security feature bypass vulnerability to an additional vulnerability, usually a remote code execution vulnerability. The additional vulnerability would take advantage of the security feature bypass for exploitation. For example, a remote code execution vulnerability that is blocked by ASLR could be exploited after a successful ASLR bypass.
Multiple Memory Corruption Vulnerabilities:
· An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit these vulnerabilities.
Mitigating Factors |
Multiple Elevation of Privilege Vulnerabilities:
· An attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an instant message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
CVE-2014-4140:
· Microsoft has not identified any mitigating factors for this vulnerability.
Multiple Memory Corruption Vulnerabilities:
· An attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an instant message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
· Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
· By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML email messages in the Restricted sites zone.
· By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode.
Vulnerability Identifiers |
Restart Requirement | This update requires a restart.
Bulletins Replaced by This Update | MS14-052
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
Executive Summary | This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application.
The security update addresses the vulnerabilities by improving how Microsoft .NET Framework communicates with the ClickOnce installer process, by correcting how it handles specially crafted requests, and by helping to ensure that affected versions of Microsoft .NET Framework properly implement the ASLR security feature.
Severity Ratings and Affected Software | This security update is rated Critical for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, and Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected releases of Microsoft Windows.
Attack Vectors |
CVE-2014-4073:
· An attacker could compromise Internet Explorer in such a way as to allow the ClickOnce installer process to run outside of Protected Mode with elevated privileges.
CVE-2014-4121:
· An attacker could send a specially crafted URI request containing international characters to a .NET web application.
CVE-2014-4122:
· An attacker could host a website that is used to attempt to exploit this vulnerability.
· Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
· When a user visits a website that contains malicious content using a web browser capable of instantiating COM components, such as Internet Explorer, the affected .NET Framework component can be loaded to bypass ASLR.
· An attacker could tie this security feature bypass vulnerability to an additional vulnerability, usually a remote code execution vulnerability. The additional vulnerability would take advantage of the security feature bypass for exploitation. For example, a remote code execution vulnerability that is blocked by ASLR could be exploited after a successful ASLR bypass.
Mitigating Factors |
CVE-2014-4073:
· Microsoft has not identified any mitigating factors for this vulnerability.
CVE-2014-4121:
· In .NET 4.0 applications, iriParsing is disabled by default; for the vulnerability to be exploitable, an application has to explicitly enable this functionality by setting <iriParsing enabled="true"/> in the app.config file. For more information, see <iriParsing> Element (Uri Settings). In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled. For more information, see Application Compatibility in the .NET Framework 4.5.
CVE-2014-4122:
· Microsoft has not identified any mitigating factors for this vulnerability.
Vulnerability Identifiers |
Restart Requirement | This update may require a restart.
Bulletins Replaced by This Update | MS12-016
Full Details |
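
The CVE-2014-4121 mitigating factor above depends on whether an application has iriParsing enabled, so the following added example (not part of the Microsoft bulletin) classifies .NET configuration files by that condition to help order patching. Treating a config that declares a targetFramework or supportedRuntime sku of 4.5 or later as a ".NET 4.5 application", the file names scanned, and the sample configs are assumptions of this example.

```python
import os
import re
import xml.etree.ElementTree as ET

EXPLICIT = "iriParsing explicitly enabled"
DEFAULT_ON = "targets .NET 4.5+: iriParsing on by default, cannot be disabled"
NOT_ENABLED = "iriParsing not enabled"
UNPARSEABLE = "config could not be parsed"


def parse_version(text):
    """'4.5.1' or '.NETFramework,Version=v4.5' -> (4, 5, 1) / (4, 5); None if absent."""
    match = re.search(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in match.group(0).split(".")) if match else None


def declared_target(root):
    """Highest framework version the config declares, or None (assumed markers:
    targetFramework on <httpRuntime>/<compilation>, sku on <supportedRuntime>)."""
    found = []
    for path in ("system.web/httpRuntime", "system.web/compilation"):
        node = root.find(path)
        if node is not None:
            found.append(parse_version(node.get("targetFramework")))
    for node in root.findall("startup/supportedRuntime"):
        found.append(parse_version(node.get("sku")))
    found = [v for v in found if v]
    return max(found) if found else None


def classify_config(raw):
    """Classify one app.config / web.config (bytes) per the bulletin's mitigating factor."""
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return UNPARSEABLE
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # tolerate an xmlns on <configuration>
    node = root.find("uri/iriParsing")
    if node is not None and (node.get("enabled") or "").strip().lower() == "true":
        return EXPLICIT
    target = declared_target(root)
    if target is not None and target >= (4, 5):
        return DEFAULT_ON
    return NOT_ENABLED


def scan_tree(top):
    """Classify every web.config, app.config and *.exe.config found under a directory."""
    results = {}
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            lower = name.lower()
            if lower in ("web.config", "app.config") or lower.endswith(".exe.config"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    results[path] = classify_config(fh.read())
    return results


SAMPLES = {  # constructed inputs, not taken from any real application
    "shop/web.config": b"""<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <uri><iriParsing enabled="true"/></uri>
  <system.web><compilation targetFramework="4.0"/></system.web>
</configuration>""",
    "portal/web.config": b"""<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web><httpRuntime targetFramework="4.5.1"/></system.web>
</configuration>""",
    "tool/tool.exe.config": b"""<configuration>
  <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup>
  <uri><iriParsing enabled="false"/></uri>
</configuration>""",
    "broken/web.config": b"<configuration><uri>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {classify_config(raw)}")
```

Configs reported in the first two categories meet the precondition the bulletin describes and are the ones to patch first; the result says nothing about whether the update is already installed.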

Bulletin Identifier |
Bulletin Title | Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
Executive Summary | This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted website that contains embedded TrueType fonts.
The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory and the way it handles TrueType fonts.
Severity Ratings and Affected Software | This security update is rated Critical for all supported releases of Microsoft Windows.
Attack Vectors |
CVE-2014-4113:
· An attacker could exploit this vulnerability by running a specially crafted application on an affected system, either by obtaining valid logon credentials and logging on to the system or by convincing a logged-on, authenticated user to execute an application on the attacker’s behalf.
CVE-2014-4148:
· There are multiple means by which an attacker could exploit this vulnerability, including convincing a user to open a specially crafted document or to visit an untrusted webpage that contains embedded TrueType fonts. The specially crafted TrueType font could then exploit the vulnerability.
Mitigating Factors |
CVE-2014-4113:
· An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
CVE-2014-4148:
· A user must visit an untrusted website containing a specially crafted TrueType font file, or open the file as an email attachment. An attacker would have to persuade users to perform these actions, typically by getting them to click a link in an email message or instant message.
Vulnerability Identifiers |
Restart Requirement | This update requires a restart.
Bulletins Replaced by This Update | MS14-045
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
Executive Summary | This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security feature bypass if an attacker convinces a user to click a specially crafted link or to visit a webpage that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through a web browser, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by correcting how ASP.NET MVC handles the encoding of input.
Severity Ratings and Affected Software | This security update is rated Important for ASP.NET MVC 2, ASP.NET MVC 3, ASP.NET MVC 4, ASP.NET MVC 5, and ASP.NET MVC 5.1.
Attack Vectors |
· In a web-based attack scenario, an attacker could convince the user to visit a webpage that contains specially crafted content designed to exploit the vulnerability.
· Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
Mitigating Factors |
· An attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an instant message that takes users to the attacker's website, or by getting them to open an attachment sent through email.
· The XSS Filter in Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 prevents this attack for users when browsing to websites in the Internet Zone. Note that the XSS Filter in Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 is enabled by default in the Internet zone, but is not enabled by default in the Intranet Zone.
Vulnerability Identifiers |
Restart Requirement | This update may require a restart.
Bulletins Replaced by This Update | None
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
Executive Summary | This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Severity Ratings and Affected Software | This security update is rated Important for all supported releases of Microsoft Windows except Microsoft Windows Server 2003 (which is not affected).
Attack Vectors |
Email attack:
· An attacker could exploit the vulnerability by sending a specially crafted file to the user and persuading the user to open the file.
Web-based attack:
· An attacker would have to host a website that contains a PowerPoint file that is used to attempt to exploit this vulnerability.
· Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
Mitigating Factors |
· Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
· An attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or instant message that takes users to the attacker's website.
· By using Protected View, you can read a file and see its contents while reducing the risks. Protected View is enabled by default.
Vulnerability Identifiers |
Restart Requirement | This update may require a restart.
Bulletins Replaced by This Update | MS12-005
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
Executive Summary | This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting the way that Microsoft Office parses specially crafted files.
Severity Ratings and Affected Software | This security update is rated Important for supported editions of Microsoft Word 2007, Microsoft Office 2007, Microsoft Word 2010, Microsoft Office 2010, Microsoft Office for Mac 2011, Microsoft Office Compatibility Pack, Word Automation Services, and Microsoft Office Web Apps Server 2010.
Attack Vectors |
· An attacker could exploit the vulnerability by sending a specially crafted file to the user and by convincing the user to open the file in an affected version of Microsoft Office software.
· An attacker could host a website that contains a file that is used to attempt to exploit the vulnerability.
· Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.
Mitigating Factors |
· The vulnerability cannot be exploited automatically through email. For an attack to be successful, a user must open an attachment that is sent in an email message.
· An attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or instant message that takes users to the attacker’s website, and then convince them to open the specially crafted Office file.
· Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Vulnerability Identifiers |
Restart Requirement | This update may require a restart.
Bulletins Replaced by This Update | MS14-034, MS14-017, and MS14-022.
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
Executive Summary | This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted input/output control (IOCTL) request to the Message Queuing service. Successful exploitation of this vulnerability could lead to full access to the affected system.
The security update addresses the vulnerability by modifying how the Message Queuing service validates input data before passing the data to the allocated buffer.
Severity Ratings and Affected Software | This security update is rated Important for all supported editions of Windows Server 2003.
Attack Vectors | An attacker could exploit this vulnerability by sending a specially crafted IOCTL request to the Message Queuing service.
Mitigating Factors |
· By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually enable the Message Queuing component are likely to be vulnerable to this issue.
· An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Vulnerability Identifiers |
Restart Requirement | This update requires a restart.
Bulletins Replaced by This Update | MS09-040
Full Details |

Bulletin Identifier |
Bulletin Title | Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
Executive Summary | This security update resolves a privately reported vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in the way the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
The security update addresses the vulnerability by changing how memory is allocated when a specific function is called.
Severity Ratings and Affected Software | This security update is rated Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008.
Attack Vectors | An unauthenticated attacker could attack a system locally by inserting a specially crafted USB drive into the system.
Mitigating Factors | An attacker must have physical access to the system to be able to exploit the vulnerability.
Vulnerability Identifiers |
Restart Requirement | This update requires a restart.
Bulletins Replaced by This Update | None
Full Details |
Regarding