Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 24 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-056 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS14-056 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS14-056 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS14-056 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS14-056 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS14-056 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-056 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-056 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-056 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS14-056 Windows 8 for x64-based Systems(Internet Explorer 10)
MS14-056 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS14-056 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS14-056 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS14-056 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS14-056 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS14-056 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS14-056 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS14-056 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS14-056 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS14-056 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS14-056 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS14-056 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS14-056 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS14-056 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS14-056 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS14-056 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS14-056 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS14-056 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS14-056 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS14-056 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS14-056 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS14-056 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS14-056 Windows Server 2012(Internet Explorer 10)
MS14-056 Windows Server 2012 R2(Internet Explorer 11)
MS14-056 Windows Vista Service Pack 2(Internet Explorer 7)
MS14-056 Windows Vista Service Pack 2(Internet Explorer 8)
MS14-056 Windows Vista Service Pack 2(Internet Explorer 9)
MS14-056 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS14-056 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS14-056 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
A remote code execution vulnerability exists in the way that Microsoft .NET Framework improperly parses internationalized resource identifiers. An attacker who successfully exploits this vulnerability could take complete control of an affected system (CVE-2014-4121).
A security feature bypass vulnerability exists in Microsoft .NET Framework that could allow an attacker to bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities (CVE-2014-4122).
An elevation of privilege vulnerability exists in Microsoft .NET Framework that could allow an attacker to elevate privileges on the targeted system (CVE-2014-4073).
This security update is rated Critical for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, and Microsoft .NET Framework 4.5/4.5.1/4.5.2 on affected releases of Microsoft Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for 32-bit Systems(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 8 for 32-bit Systems(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 8 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8 for x64-based Systems(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 8 for x64-based Systems(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS14-057 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 4)
MS14-057 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 4)
MS14-057 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2012(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2012(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows Server 2012 R2(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS14-057 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 4.5.1/4.5.2)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Vista Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
MS14-057 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.5/4.5.1/4.5.2)
The kernel is prone to the following vulnerabilities:
- An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory.
- A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
This security update is ratedCritical for all supported releases of Microsoft Windows.
Affected Software:
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (server core installation)
Windows Server 2012 R2 (server core installation)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-058 Windows 7 for 32-bit Systems Service Pack 1
MS14-058 Windows 7 for x64-based Systems Service Pack 1
MS14-058 Windows 8 for 32-bit Systems
MS14-058 Windows 8 for x64-based Systems
MS14-058 Windows 8.1 for 32-bit Systems
MS14-058 Windows 8.1 for x64-based Systems
MS14-058 Windows Server 2003 Service Pack 2
MS14-058 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-058 Windows Server 2003 x64 Edition Service Pack 2
MS14-058 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-058 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-058 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-058 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-058 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-058 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-058 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-058 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-058 Windows Server 2012
MS14-058 Windows Server 2012
MS14-058 Windows Server 2012 R2
MS14-058 Windows Server 2012 R2
MS14-058 Windows Vista Service Pack 2
MS14-058 Windows Vista x64 Edition Service Pack 2
A cross-site scripting (XSS) vulnerability exists in ASP.NET MVC that can allow an attacker to inject a client-side script into the users web browser.
This security update is rated Important for all supported releases of Microsoft Windows.
Affected Software:
ASP.NET MVC 2.0
ASP.NET MVC 3.0
ASP.NET MVC 4.0
ASP.NET MVC 5.0
ASP.NET MVC 5.1
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-059 ASP.NET MVC 2.0
MS14-059 ASP.NET MVC 3.0
MS14-059 ASP.NET MVC 4.0
MS14-059 ASP.NET MVC 5.0
MS14-059 ASP.NET MVC 5.1
Affected Versions:-
Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8 and Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT and Windows RT 8.1
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-060 Windows 7 for 32-bit Systems Service Pack 1
MS14-060 Windows 7 for x64-based Systems Service Pack 1
MS14-060 Windows 8 for 32-bit Systems
MS14-060 Windows 8 for x64-based Systems
MS14-060 Windows 8.1 for 32-bit Systems
MS14-060 Windows 8.1 for x64-based Systems
MS14-060 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS14-060 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS14-060 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-060 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-060 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-060 Windows Server 2012
MS14-060 Windows Server 2012 R2
MS14-060 Windows Vista Service Pack 2
MS14-060 Windows Vista x64 Edition Service Pack 2
This security update is rated Important for supported editions of Microsoft Word 2007, Microsoft Office 2007, Microsoft Word 2010, Microsoft Office 2010, Microsoft Office for Mac 2011, Microsoft Office Compatibility Pack, Word Automation Services, and Microsoft Office Web Apps Server 2010.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-061 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS14-061 Microsoft Office 2007 Service Pack 3
MS14-061 Microsoft Office 2010 Service Pack 1 (32-bit editions)(Microsoft Word 2010 Service Pack 1 (32-bit editions))
MS14-061 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS14-061 Microsoft Office 2010 Service Pack 1 (64-bit editions)(Microsoft Word 2010 Service Pack 1 (64-bit editions))
MS14-061 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS14-061 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Word 2010 Service Pack 2 (32-bit editions))
MS14-061 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS14-061 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Word 2010 Service Pack 2 (64-bit editions))
MS14-061 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS14-061 Microsoft Office Compatibility Pack Service Pack 3
MS14-061 Microsoft Office Web Apps 2010(Microsoft Office Web Apps Server 2010)
MS14-061 Microsoft Office Web Apps 2010 Service Pack 1(Microsoft Office Web Apps Server 2010 Service Pack 1)
MS14-061 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Office Web Apps Server 2010 Service Pack 2)
MS14-061 Microsoft Office for Mac 2011
MS14-061 Microsoft SharePoint Server 2010 Service Pack 1(Word Automation Services)
MS14-061 Microsoft SharePoint Server 2010 Service Pack 2(Word Automation Services)
An elevation of privilege vulnerability exists in the Windows Message Queuing service (MSMQ) due to a specific flaw in the parsing of an IOCTL request to the Message Queuing service. The MSMQ service improperly handles objects in memory by inadvertently allowing overwrite. An attacker could exploit this vulnerability by sending a specially crafted IOCTL request to the MSMQ service.
This security update is rated Important for all supported editions of Windows 2003.
Refer to Microsoft Security Bulletin MS14-062 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-062 Windows Server 2003 Service Pack 2
MS14-062 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-062 Windows Server 2003 x64 Edition Service Pack 2
An elevation of privilege vulnerability exists in the FASTFAT driver. The vulnerability is caused when the FASTFAT driver executes a function that results in a buffer under-allocation issue. An attacker could attack a system locally by inserting a specially crafted USB drive into the system.
This security update is rated Important for all supported editions of Windows 2003, Windows Vista and Windows Server 2008.
Refer to Microsoft Security Bulletin MS14-063 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS14-063 Windows Server 2003 Service Pack 2
MS14-063 Windows Server 2003 with SP2 for Itanium-based Systems
MS14-063 Windows Server 2003 x64 Edition Service Pack 2
MS14-063 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-063 Windows Server 2008 for 32-bit Systems Service Pack 2
MS14-063 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS14-063 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-063 Windows Server 2008 for x64-based Systems Service Pack 2
MS14-063 Windows Vista Service Pack 2
MS14-063 Windows Vista x64 Edition Service Pack 2
These new vulnerability checks are included in Qualys vulnerability signature 2.2.843-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.