BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Retina Vulnerability Audits – August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this August 2014 Patch Tuesday:

MS14-043 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
34924 – Microsoft WMC Remote Code Execution (2978742)

MS14-044 – Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
34915 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008
34916 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008R2
34917 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2012
34918 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2014
34919 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008 x64
34920 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2012 x64
34925 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008R2 x64

MS14-045 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
34914 – Microsoft KMD Elevation of Privilege (2984615) – KB2982791
34921 – Microsoft KMD Elevation of Privilege (2984615) – KB2976897

MS14-046 – Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
34927 – Microsoft .NET ASLR Bypass (2984625) – .NET 2.0 SP2
34928 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.0 SP2
34929 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5 KB2966825
34930 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5 KB2966827
34931 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5 KB2966826
34932 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5 KB2966828
34933 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5.1 KB2937610
34934 – Microsoft .NET ASLR Bypass (2984625) – .NET 3.5.1 KB2943357

MS14-047 – Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
34913 – Microsoft LRPC ASLR Bypass (2978668)

MS14-048 – Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
34912 – Microsoft OneNote Remote Code Execution (2977201)
34935 – Microsoft OneNote Remote Code Execution (2977201) – x64

MS14-049 – Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
34911 – Microsoft Windows Installer Elevation Privilege (2962490)

MS14-050 – Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
34926 – Microsoft SharePoint Server Elevation of Privilege (2977202)

MS14-051 – Cumulative Security Update for Internet Explorer (2976627)
34922 – Microsoft Cumulative Security Update for Internet Explorer (2976627)
34923 – Microsoft Cumulative Security Update for Internet Explorer (2976627) – IE8/2003
34937 – Microsoft Cumulative Security Update for Internet Explorer (2976627) – IE8 Other

Leave a Reply

Additional articles

How To Implement The Australian Signals Directorate’s Top 4 Strategies

Posted October 20, 2014    Morey Haber

The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate, has developed a list of strategies to mitigate targeted cyber intrusions. The recommended strategies were developed through ASD’s extensive experience in operational cyber security, including responding to serious security intrusions and performing vulnerability assessments and penetration testing for Australian government agencies. These recommendations…

Tags:
, , , ,
asp-mvc

Exploiting MS14-059 because sometimes XSS is fun, sometimes…

Posted October 17, 2014    BeyondTrust Research Team

This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide adoption we thought we would take a closer look. Referring to the bulletin we can glean a few useful pieces of information: “A cross-site scripting (XSS) vulnerability exists…

Tags:
4bestpracticesaudits-blog

Four Best Practices for Passing Privileged Account Audits

Posted October 16, 2014    Chris Burd

Like most IT organizations, your team may periodically face the “dreaded” task of being audited. Your process for delegating privileged access to desktops, servers, and infrastructure devices is a massive target for the auditor’s microscope. An audit’s findings can have significant implications on technology and business strategy, so it’s critical to make sure you’re prepared…

Tags:
, , , ,