Severity: : High
  Advisory Date: 09 de września de 2014

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its September batch of patches:

  • (MS14-052) Cumulative Security Update for Internet Explorer (2977629)
    Risk Rating: Critical

    This security update addresses several vulnerabilities found existing in Internet Explorer. When exploited successfully, it could allow remote code execution thus compromising the security of the affected systems.


  • (MS14-053) Vulnerability in .NET Framework Could Allow Denial of Service (2990931)
    Risk Rating: Important

    This security update addresses a vulnerability found in Microsoft .NET Framework. Once exploited successfully, it can allow denial of service.


  • (MS14-054)Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
    Risk Rating: Important

    This security update addresses a vulnerability found in Microsoft Windows, which could allow elevation of privilege once exploited successfully by attackers via a specially crafted application.


  • (MS14-055) Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928)
    Risk Rating: Important

    This security update addresses vulnerabilities in Microsoft Lync Server, that could allow denial of service via a specially crafted request to a Lync server thus compromising its security.

  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
MS14-052 CVE-2014-2799 1006164 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2799) 9-Sep-14 YES
MS14-052 CVE-2014-4065 1006219 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4065) 9-Sep-14 YES
MS14-052 CVE-2014-4080 1006224 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4080) 9-Sep-14 YES
MS14-052 CVE-2014-4081 1006227 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4081) 9-Sep-14 YES
MS14-052 CVE-2014-4082 1006230 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4082) 9-Sep-14 YES
MS14-052 CVE-2014-4084 1006221 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4084) 9-Sep-14 YES
MS14-052 CVE-2014-4086 1006229 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4086) 9-Sep-14 YES
MS14-052 CVE-2014-4087 1006222 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4087) 9-Sep-14 YES
MS14-052 CVE-2014-4088 1006225 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4088) 9-Sep-14 YES
MS14-052 CVE-2014-4089 1006220 Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4089) 9-Sep-14 YES
MS14-052 CVE-2014-4092 1006223 Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4092) 9-Sep-14 YES
MS14-052 CVE-2014-4094 1006226 Microsoft Internet Explorer Use After Free Vulnerability (CVE-2014-4094) 9-Sep-14 YES
MS14-052 CVE-2014-4095 1006228 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4095) 9-Sep-14 YES

  SOLUTION