GET Microsoft and Adobe Released Update Set, January 2014 / ESET NOD32 Blog / Sudo Null IT News FREE

Microsoft has released a series of updates for its products that track 6 unique vulnerabilities (4 patches with the condition Important). This is the first dapple tuesday this twelvemonth and we call it "light patch tuesday" because it does not contain a single critical update or a lone update for Internet Explorer. A elaborate describe on closed vulnerabilities, product components and their versions tail be launch on the corresponding security measures bulletins Sri Frederick Handley Page . The fixes revolve around the operating system, Business office, and Microsoft Dynamics AX software system. To apply the updates you require a reboot.

Update MS14-002 closes the known from last year ( SA 2914486) LPE vulnerability CVE-2013-5065 in the driver translation ndproxy.sys, which is enclosed with Windows XP and Windows Server 2003. Attackers used a specially crafted request to the number one wood via the IOCTL interface to execute their code in center manner (user-way restrictions escape ) To deliver this exploit, we used a special PDF document that exploits the vulnerability in an elder rendering of Adobe brick Reader and is used to surmount the limitations of sandboxing (Adobe brick Reader sandpile bypass). A venomed feat document is sensed by ESET atomic number 3 PDF / Exploit.CVE-2013-5065.A.

Update MS14-001closes three vulnerabilities in complete versions of Microsoft News 2003-2007-2010-2013-2013 RT. The firm vulnerabilities CVE-2014-0258, CVE-2014-0259, CVE-2014-0260 are of the Distant Code Instruction execution (memory-corruption) type and can be used for remote code execution through a specially crafted .MD file. Overwork code likely .

The MS14-003 update fixes the vulnerability CVE-2014-0262 in the win32k.sys number one wood on Windows 7 and Windows Server 2008. The vulnerability is of the Acme Of Privelege type and can equal used by attackers to elevate their rights to the system level (code execution in kernel mode) . Overwork code verisimilar.

Update MS14-004fixes a vulnerability in CVE-2014-0261 in Microsoft Dynamics Axe. The vulnerability is of the Denial of Serve type. Exploit code supposed .

1 - Exploit code prospective The
chance of exploiting the exposure is very high, attackers buns use the exploit, for example, to remotely execute code.

2 - Exploit code would be difficult to build The
likelihood of exploitation is medium, since attackers are unconvincing to achieve a sustainable exploitation post, besides as due to the technical features of the vulnerability and complexness of the exploit development.

3 - Exploit code unlikely The
chance of development is minimal and attackers are unlikely to be able to develop successfully working code and utilisation this vulnerability to deportment an attack.

We recommend that our users set up updates as soon as possible and, if you have non already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default option).

Adobe brick also updated its products and released new versions of Adobe Flash Histrion, Adobe Reader, and Acrobat.

The stream versions of Adobe brick Proofreader and Acrobat are listed to a lower place. The company shut the 3 vulnerabilities CVE-2014-0493 (memory board-corruption), CVE-2014-0495 (memory board-corruption), CVE-2014-0496 (wont-after-free). Entirely of them can beryllium used to fulfil discretional code in the system through a especially embattled PDF file.

In the case of Flash Player, the company unmoving two vulnerabilities CVE-2014-0491 and CVE-2014-0492. The current versions are given below.

We recommend that users use a turn back of the version of Flash Player used by your browser, for this you can use the official. Adobe brick source here or here . Note that browsers such as Google Chrome and Internet Adventurer 10+ are automatically updated with the release of the new version of Flash Actor. You can get Flash update information for your browser at this contact .

be secure.

DOWNLOAD HERE

GET Microsoft and Adobe Released Update Set, January 2014 / ESET NOD32 Blog / Sudo Null IT News FREE

Posted by: salguerounnot1977.blogspot.com

Share this post