Microsoft Security Bulletin Coverage (May 13, 2014)

Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of May, 2014. A list of issues reported, along with Dell SonicWALL coverage information are as follows:

MS14-021 Security Update for Internet Explorer (2965111)

• CVE-2014-1776 Internet Explorer Memory Corruption Vulnerability
  IPS: 3787 “Internet Explorer Memory Corruption Vulnerability (CVE-2014-1776)”
  SPY: 3371 “Malformed-File html.MP.6”
  SPY: 3372 “Malformed-File html.MP.7”
  SPY: 3367 “Malformed-File swf.OT.9”
  SPY: 2290 “Malformed-File swf.OT.8”
  GAV: 23155 “CVE-2014-1776”

MS14-029 Security Update for Internet Explorer (2962482)

• CVE-2014-1815 Internet Explorer Memory Corruption Vulnerability
  IPS: 3869 “Windows IE Memory Corruption Vulnerability (MS14-029) 2”
  CVE-2014-0310 Internet Explorer Memory Corruption Vulnerability
  IPS: 3867 “Windows IE Memory Corruption Vulnerability (MS14-029) 1”

MS14-022 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2952166)

• CVE-2014-0251 SharePoint Page Content Vulnerability
  There are no known exploits in the wild.

• CVE-2014-1754 SharePoint XSS Vulnerability
  IPS: 3868 “Microsoft SharePoint Server XSS 11 (MS14-022)”
  IPS: 1369 “Cross-Site Scripting (XSS) Attack 1”
  IPS: 6753 “Cross-Site Scripting (XSS) Attack 8”

• CVE-2014-1813 Web Applications Page Content Vulnerability
  There are no known exploits in the wild.

MS14-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2961037)

• CVE-2014-1756 Microsoft Office Chinese Grammar Checking Vulnerability
  There are no known exploits in the wild.

• CVE-2014-1808 Token Reuse Vulnerability
  There are no known exploits in the wild.

MS14-025 Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486)

• CVE-2014-1812 Group Policy Preferences Password Elevation of Privilege Vulnerability
  There are no known exploits in the wild.

MS14-026 Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

• CVE-2014-1806 TypeFilterLevel Vulnerability
  There are no known exploits in the wild.

MS14-027 Vulnerability in Windows Shell Handler Could Allow Elevation of Privilege (2962488)

• CVE-2014-1807 Windows Shell File Association Vulnerability
  There are no known exploits in the wild.

MS14-028 Vulnerabilities in iSCSI Could Allow Denial of Service (2962485)

• CVE-2014-0255 iSCSI Target Remote Denial of Service Vulnerability
  There are no known exploits in the wild.

• CVE-2014-0256 iSCSI Target Remote Denial of Service Vulnerability
  There are no known exploits in the wild.

MS14-024 Vulnerability in a Microsoft Common Control Could Allow Security Feature Bypass (2961033)

• CVE-2014-1809 MSCOMCTL ASLR Vulnerability
  There are no known exploits in the wild.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.