CIS CYBER SECURITY ADVISORIES

MS-ISAC CYBER SECURITY ADVISORY NUMBER:
2014-075

DATE(S) ISSUED:
09/09/2014

SUBJECT:
Cumulative Security Update for Internet Explorer (MS14-052)

OVERVIEW:

Multiple vulnerabilities have been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Successful exploitation of these vulnerabilities could result in an attacker gaining elevated privileges on the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

This advisory covers one publicly disclosed and thirty-six privately reported vulnerabilities in Internet Explorer. At this time, there have been attempts to exploit the vulnerability described in CVE-2013-7331. No other active exploitation attempts have been observed.

SYSTEMS AFFECTED:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: High

TECHNICAL SUMMARY:

Multiple vulnerabilities were discovered in Internet Explorer due to the way objects in memory are improperly accessed. The vulnerabilities are as follows:

  • Thirty-six memory corruption vulnerabilities
  • One resource information disclosure vulnerability

These vulnerabilities could allow an attacker to execute remote code by luring a victim to a malicious website. When the website is visited, the attacker's script will run with the same permissions as the affected user account. An attacker could then install programs or view, change, or delete data. The resource information disclosure vulnerability allows the enumeration of local and UNC paths, intranet hostnames, and intranet IP addresses.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users to only click links from trusted sources, and only after verifying the destination of the link.

REFERENCES:

Microsoft:

https://technet.microsoft.com/library/security/ms14-052

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7331

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2799

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4059

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4065

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4079

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4080

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4081

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4082

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4083

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4084

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4085

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4086

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4087

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4088

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4089

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4090

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4091

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4092

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4093

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4094

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4095

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4096

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4097

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4098

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4099

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4100

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4101

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4102

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4103

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4104

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4105

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4106

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4107

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4108

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4109

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4110

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4111