Microsoft Patch Tuesday

Microsoft announced Patch Tuesday

Microsoft today released, in its regular Patch Tuesday, this month's updates to fix a total of 13 different vulnerabilities in Windows, Internet Explorer and Office.

According to the security bulletin the company released this morning, there are eight updates, two of which are rated critical and six rated important, and they fix vulnerabilities in the .NET Framework, Office, SharePoint, Internet Explorer and Windows.

Microsoft Office is one of the programs being updated in this Patch Tuesday, as the company had promised. Office 2003 stops receiving updates as of this month. The first update fixes a flaw that, according to the company:
“By placing a malicious DLL file in a specific network directory, an attacker could get users to load the attack code.”

The second vulnerability affects only Office 2013 and, according to the company, a user who visits malicious websites risks losing their Office tokens.

One of the updates is aimed at Internet Explorer users, and the company says it is “among the most critical” released in this Patch Tuesday and that the update should be installed as soon as possible. Windows XP is no longer supported.

Last but also important is security update MS14-027, which fixes a security hole in Windows that could expose the user if an exploit takes advantage of a bug in the Windows Shell. All versions of Windows are vulnerable to this kind of attack, and Microsoft recommends that everyone patch the flaw as soon as possible.

All the patches arrive through Windows Update.

| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|
| MS14-021 (Released out-of-band on May 1, 2014) | Security Update for Internet Explorer (2965111): This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical, Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| MS14-029 | Security Update for Internet Explorer (2962482): This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Critical, Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| MS14-022 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166): This security update resolves multiple privately reported vulnerabilities in Microsoft Office server and productivity software. The most severe of these vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. | Critical, Remote Code Execution | May require restart | Microsoft Server Software, Productivity Software |
| MS14-023 | Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037): This security update resolves two privately reported vulnerabilities in Microsoft Office. The most severe vulnerability could allow remote code execution if a user opens an Office file that is located in the same network directory as a specially crafted file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Important, Remote Code Execution | May require restart | Microsoft Office |
| MS14-025 | Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486): This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the password stored with Group Policy preferences. | Important, Elevation of Privilege | May require restart | Microsoft Windows |
| MS14-026 | Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732): This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow elevation of privilege if an unauthenticated attacker sends specially crafted data to an affected workstation or server that uses .NET Remoting. .NET Remoting is not widely used by applications; only custom applications that have been specifically designed to use .NET Remoting would expose a system to the vulnerability. | Important, Elevation of Privilege | May require restart | Microsoft Windows, Microsoft .NET Framework |
| MS14-027 | Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488): This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application that uses ShellExecute. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| MS14-028 | Vulnerability in iSCSI Could Allow Denial of Service (2962485): This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends large amounts of specially crafted iSCSI packets over the target network. This vulnerability only affects servers for which the iSCSI target role has been enabled. | Important, Denial of Service | May require restart | Microsoft Windows |
| MS14-024 | Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033): This security update resolves one privately reported vulnerability in an implementation of the MSCOMCTL common controls library. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code. | Important, Security Feature Bypass | May require restart | Microsoft Office |

Written by Δημήτρης