周二补丁日:微软八月份公告包括关键性的安全更新

2014/08/14

If it is the second month of week two , that is, Microsoft released a security update patch, when they called: “Patch Tuesday.” Microsoft August 2014 Security Bulletin includes addressing critical security update Windows, Office, SQL Server, server software, .net Framework and IE browser vulnerability.

Some of these vulnerabilities could allow remote code execution, privilege escalation or bypass security features.

After Microsoft security updates in April last year due to the end of support for Windows XP operating system, access to very close attention. Although efforts have been made to Microsoft users to stop using XP, but a quarter of desktop computers and 90 percent of ATM machines still use Windows XP operating system.

August is an important announcement:

August bulletin includes a number of questions:

“Windows resource manages security update: solve the attacker could gain the same user rights as the current user. This vulnerability could allow remote code execution if a user use IE browser to view a specially crafted Web page.

“Windows Media Center Vulnerability: allow remote code execution if a user opened by hackers designed to invoke the Windows Media Center Resources Microsoft Office files.

“OneNote loophole: If you open a document designed by a hacker in the affected versions of Microsoft OneNote, and will allow remote code execution

“SQL Server vulnerability: This vulnerability could allow elevation of privilege user

“Kernel mode driver vulnerabilities: This vulnerability could allow elevation of privilege. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities

“Microsoft Windwos Installer vulnerability: This vulnerability could allow elevation of privilege user. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.

“Microsoft SharePoint server vulnerability: This vulnerability could allow a user privilege escalation. An attacker could exploit the vulnerability in the user context to run malicious Javascript.

“.Net Framework (Framework) Vulnerability: If the user visits a specially crafted Web site, the vulnerability could allow to bypass security features. An attacker must be used in conjunction with this vulnerability and other vulnerabilities, such as a remote code execution vulnerability in order to bypass ASLR get to run arbitrary code.

“LRPC Vulnerability: This vulnerability could allow to bypass security features. An attacker must be used in conjunction with this vulnerability and other vulnerabilities, such as a remote code execution vulnerability in order to bypass ASLR get to run arbitrary code.

Tags:

Write a comment

Name
Comment