Jump to content


Photo

MS Security Advisories


  • Please log in to reply
301 replies to this topic

#301 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,704 posts

Posted 24 March 2014 - 05:17 PM

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- https://technet.micr...dvisory/2953095
Mar 24, 2014 - "Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. Applying the Microsoft Fix it solution*, "Disable opening RTF content in Microsoft Word," prevents the exploitation of this issue through Microsoft Word... The vulnerability is a remote code execution vulnerability. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. The vulnerability could be exploited through Microsoft Outlook only when using Microsoft Word as the email viewer. Note that by default, Microsoft Word is the email reader in Microsoft Outlook 2007, Microsoft Outlook 2010, and Microsoft Outlook 2013. On completion of investigation for this vulnerability, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

• V1.1 (March 27, 2014): Updated Advisory FAQ to clarify that Microsoft WordPad is not affected by the issue and to help explain how the issue is specific to Microsoft Word.
* https://support.micr...3095#FixItForMe
Microsoft Fix it 51010

- http://blogs.technet...detections.aspx
24 Mar 2014
___

- https://secunia.com/advisories/57577/
Criticality: Extremely Critical
Where: From remote
Impact: System access...
CVE Reference: https://web.nvd.nist...d=CVE-2014-1761 - 9.3 (HIGH)
"... as exploited in the wild in March 2014."
Reported as a 0-Day...
Original Advisory: https://technet.micr...dvisory/2953095

0-Day Exploit Targeting Word, Outlook
- http://krebsonsecuri...d-2010-exploit/
Mar 24, 2014

- https://www.computer...g_unpatched_bug
Mar 24, 2014 - "... exploits are triggered just by -previewing- malicious messages in Outlook 2007, 2010 and 2013..."
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 30 March 2014 - 06:52 AM.

This machine has no brain.
......... Use your own.
Browser check for updates here.
.

#302 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 8,704 posts

Posted 08 April 2014 - 04:01 PM

FYI...

Microsoft Security Advisory (2953095)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://technet.micro...dvisory/2953095
Last Updated: April 8, 2014 - "... We have issued MS14-017* to address this issue..."
* http://technet.micro...lletin/ms14-017

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.micro...dvisory/2755801
Last Updated: April 8, 2014 - V22.0
 

:ph34r:


This machine has no brain.
......... Use your own.
Browser check for updates here.
.




7 user(s) are reading this topic

0 members, 7 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button