Friday, November 21, 2014

BIG Patch Tuesday fixes 33 vulns

November Patch Tuesday contains 14 security bulletins providing fixes for 33 vulnerabilities affecting all versions of Windows. Out of 14 bulletins, 4 bulletins are rated 'CRITICAL' whereas 8 bulletins declared 'Important' and the remaining 2 bulletins indicate moderate level severity. MS14-065 bulletin addresses 17 vulnerabilities affecting Internet Explorer. Most of the vulns are related to memory corruption and allows remote code execution by enticing a user to view malformed webpage. A vulnerability related to OLE which was previously exploited during Sandworm campaign is also patched under the CVE-2014-6352. A security flaw in the TCP/IP stack in Windows Server that allows remote attackers to execute arbitrary code on the vulnerable system is also patched along with other security bypass and privilege escalation issues. <more>

No comments: