Eight security bulletins contain patches for 24 vulnerabilities, including three critical.
On Tuesday, October 14, Microsoft released its scheduled security updates for its products. Unlike the past couple of releases, this release is complete, and it corrects three zero-day vulnerabilities.
Eight security bulletins contain patches for 24 flaws in Windows, Internet Explorer, Office and the .NET Framework. Three of them are critical, so administrators need to test and install the updates immediately. Note that a single bulletin fixes several vulnerabilities.
This is the first release in Microsoft's history in which the company has issued scheduled fixes for three zero-day vulnerabilities. One of them (CVE-2014-4114) is being exploited by attackers to carry out attacks on NATO and the governments of some Eastern European countries with the help of the Sandworm malicious software. This flaw is fixed by security bulletin MS14-060, which is rated important rather than critical. The reason is that a successful attack requires getting a user to open a file.
- MS14-056 Security Bulletin
- MS14-058 Security Bulletin
- MS14-060 Security Bulletin
Microsoft Security Bulletin MS14-056 fixes a zero-day vulnerability in Internet Explorer that allows attackers to bypass the sandbox. MS14-058 addresses holes in Windows related to the driver that processes TrueType fonts. This vulnerability allows an attacker to embed malicious code in a font. When a user visits a site with an infected script, Windows loads the font package and automatically executes the code embedded in it.