Schweregrad: : Alto
  Data do informe: 08 abril 2014

  Descrição

Microsoft addresses the following vulnerabilities in its April batch of patches:

  • (MS14-017) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)
    Risk Rating: Critical

    This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software.


  • (MS14-018) Cumulative Security Update for Internet Explorer (2950467)
    Risk Rating: Critical

    This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.


  • (MS14-019) Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)
    Risk Rating: Important

    This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location.


  • (MS14-020) Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)
    Risk Rating: Important

    This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher.

  Exposição das informações

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability and IDF Compatibility
MS14-017 CVE-2014-1761 1005990 Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761) 26-Mar-14 YES
MS14-017 CVE-2014-1761 1006000 Microsoft Word RTF Remote Code Execution Vulnerability (CVE-2014-1761) - 1 8-Apr-14 YES
MS14-017 CVE-2014-1761 1005989 1005989 - Identified Malicious C&C Server SSL Certificate 8-Apr-14 YES
MS14-018 CVE-2014-1751 1005991 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1751) 8-Apr-14 YES
MS14-018 CVE-2014-1752 1005992 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1752) 8-Apr-14 YES
MS14-018 CVE-2014-1753 1005995 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1753) 8-Apr-14 YES
MS14-018 CVE-2014-1755 1005996 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-1755) 8-Apr-14 YES

  Solução