Microsoft Vulnerabilities – new notifications September 10, 2014

Posted: September 10, 2014 in Vulnerability News
Tags: , , , , , ,

VulnerabilityCyber Security Notifications: New Vulnerabilities of September 2014

New Microsoft vulnerabilities of September 10, 2014

  • Denial of service in the Microsoft Lync Server
  • Privilege escalation in the Microsoft Windows Task Manager
  • Denial of service in Microsoft .NET Framework
  • Multiple vulnerabilities in Microsoft Internet Explorer


#1. Denial of service in the Microsoft Lync Server

Danger: High
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8
CVE ID: CVE-2014-4068
Vector operation: Remote
Impact: Denial of service

Affected Products: Microsoft Lync Server 2010, Microsoft Lync Server 2013
Affected versions: Microsoft Lync Server 2013 2010b

Vulnerability Description:

The vulnerability allows a remote user to cause a denial of service.

The vulnerability is caused due to an unspecified error. This can be exploited to crash the Microsoft Lync Server.


Microsoft Security

 

#2. Local privilege escalation vulnerability in the Microsoft Windows Task Manager

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: L / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 7.2 / Temporal: 5.3
CVE ID: CVE-2014-4074
Vector operation: Local
Impact: System Compromise

Affected Products: Microsoft Windows 8, 8.1, RT, RT 8.1, Server 2012
Affected versions: Microsoft Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows 2012, Windows 2012 R2

Vulnerability Description:

This vulnerability could allow a local user to elevate their privileges on the system.

The vulnerability is due to the fact that the Windows Task Manager does not properly validate privileges problems. A local user can use Task Manager to gain administrative access to the system.


 

#3. Denial of service in Microsoft .NET Framework

Danger: High
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8
CVE ID: CVE-2014-4072
Vector operation: Remote
Impact: Denial of service

Affected Products: Microsoft Windows Server 2003 Standard Edition, Server 2003, Web Edition, Storage Server 2003, Server 2003, Enterprise Edition, Server 2003, Datacenter Edition, Windows Vista, Windows 7, 8, 8.1, Windows Server 2008, Server 2012, Windows RT, RT 8.1

Affected versions: Microsoft Windows 2003, Vista, Windows 7, 8, 8.1, 2008, 2008 R2, Windows RT, RT 8.1, Windows 2012, 2012 R2
Description:

The vulnerability allows a remote user to cause a denial of service.

The vulnerability is caused due to an error when processing queries in Microsoft .NET Framework, leading to conflicts of hashes. A remote user can cause the system to consume huge amounts of resources and denial of service.


 

Multiple vulnerabilities in Microsoft Internet Explorer

Danger: High
Availability Corrections: Yes
Number of vulnerabilities: 37
CVSSv2 Rating: (V: N / AC: L / Au: N / C: P / I: N / A: N / E: H / RL: OF / RC: C) =
Vector operation: Remote
Impact: Disclosure of system data and system compromise

Affected Products: Microsoft Internet Explorer 6.x 7.x, 8.x, 9.x, 10.x, 11.x
Affected versions: Microsoft Internet Explorer 6.x, 7.x, 8.x, 9.x, 10.x, 11.x

Description:

Discovered vulnerabilities allow a remote user to gain access to sensitive information and compromise a vulnerable system.

1. The vulnerability is due to an error in the XMLDOM ActiveX component. This can be exploited via a specially crafted web-site to get information about the software installed on the system and bypass antivirus detection of malicious code.

Note: there are cases of exploitation of this vulnerability.

2. detected 36 vulnerabilities, memory corruption. This can be exploited via a specially crafted web-site to execute arbitrary code on the target system.

 


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s