Microsoft released its October security updates on schedule: eight patches in total, three of them rated Critical. According to the Microsoft MSDN Security Bulletin, the updates fix 24 vulnerabilities (CVEs) covering Windows, Internet Explorer, .NET Framework, ASP.NET, and Office.
Among them, the cumulative update for IE is rated Critical: the vulnerabilities it fixes could allow remote code execution when a user views a specially crafted web page or opens a link in an email. A successful attacker gains the rights of the current user, which matters most for users who work directly under an administrator account. Users are advised to install the updates promptly.
Details of Microsoft's October security updates are as follows:
• MS14-056: Cumulative Security Update for Internet Explorer (2987107) (Critical)
This security update resolves 14 privately reported vulnerabilities in Internet Explorer. The most serious of the vulnerabilities could allow remote code execution when a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer system user rights are less affected than those with administrative user rights.
• MS14-057: Vulnerability in .NET Framework could allow remote code execution (3000414) (Critical)
This security update resolves three privately reported vulnerabilities in the Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if an attacker sends a specially crafted URI request containing international characters to a .NET web application. In .NET 4.0 applications, the vulnerable feature (iriParsing) is disabled by default; for the vulnerability to be exploitable, the application must explicitly enable this feature. In .NET 4.5 applications, iriParsing is enabled by default and cannot be disabled.
• MS14-058: Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061) (Critical)
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or visit an untrusted website that contains embedded TrueType fonts. In all cases, however, an attacker cannot force users to perform these actions. Instead, an attacker would have to convince a user to do so, usually by having the user click a link in an email or Instant Messenger message.
• MS14-059: Vulnerability in ASP.NET MVC could allow security functionality to be bypassed (2990942) (Important)
This security update resolves a publicly disclosed vulnerability in ASP.NET MVC. The vulnerability could allow security features to be bypassed if an attacker convinces a user to click a specially crafted link or to visit a web page that contains specially crafted content designed to exploit the vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a web browser and then convince a user to view the website. An attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These sites may contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker cannot force a user to view attacker-controlled content. Instead, an attacker would have to entice a user to take action, typically by having the user click a link in an email or Instant Messenger message that leads to the attacker's website, or by having the user open an attachment sent via email.
• MS14-060: Vulnerability in Windows OLE could allow remote code execution (3000869) (Important)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged in with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights are less affected than users with administrative user rights.
• MS14-061: Vulnerability in Microsoft Word and Office Web Apps could allow remote code execution (3000434) (Important)
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if an attacker convinces a user to open a specially crafted Microsoft Word file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights are less affected than users with administrative user rights.
• MS14-062: Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254) (Important)
This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted input/output control (IOCTL) request to the Message Queuing service. Successful exploitation of this vulnerability provides full access to the affected system. By default, the Message Queuing component is not installed on any affected operating system version and can only be enabled by a user with administrative privileges. Only customers who manually enable the "Message Queue Service" component may be affected by this issue.
• MS14-063: Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579) (Important)
This security update resolves a privately reported vulnerability in Microsoft Windows. An elevation of privilege vulnerability exists in the way that the Windows FASTFAT system driver interacts with FAT32 disk partitions. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.
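For MS14-057, the iriParsing precondition described above can be triaged across a set of web.config files to decide which applications to patch first. The Python below is an added example, not code from Microsoft or from this article; the sample configs are constructed, and reading the target version from the `targetFramework` attribute of `httpRuntime` or `compilation` is an assumption about how the applications declare it.

```python
import xml.etree.ElementTree as ET

def _version(text):
    """'4.5.1' -> (4, 5, 1); non-numeric parts are dropped."""
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())

def iri_parsing_state(config_xml):
    """Classify one web.config for the iriParsing precondition of MS14-057."""
    root = ET.fromstring(config_xml)
    # <uri><iriParsing enabled="true"/></uri> is the explicit opt-in switch.
    node = root.find("./uri/iriParsing")
    explicit = node is not None and node.get("enabled", "").strip().lower() == "true"
    # Assumption: the app declares its target on httpRuntime or compilation.
    target = None
    for path in ("./system.web/httpRuntime", "./system.web/compilation"):
        el = root.find(path)
        if el is not None and el.get("targetFramework"):
            target = _version(el.get("targetFramework"))
            break
    if target is not None and target >= (4, 5):
        return "enabled-by-default"    # per the bulletin: on in 4.5, cannot be disabled
    if explicit:
        return "enabled-explicitly"    # 4.0-style application that opted in
    if target is not None:
        return "disabled-by-default"   # 4.0 target without the opt-in
    return "target-unknown"            # nothing declared; review by hand

# Constructed sample configs (not taken from any real application).
SAMPLES = {
    "shop/web.config":
        '<configuration><system.web><httpRuntime targetFramework="4.5.1" />'
        '</system.web></configuration>',
    "intl/web.config":
        '<configuration><uri><iriParsing enabled="true" /></uri><system.web>'
        '<compilation targetFramework="4.0" /></system.web></configuration>',
    "intranet/web.config":
        '<configuration><system.web><compilation targetFramework="4.0" />'
        '</system.web></configuration>',
    "legacy/web.config":
        '<configuration><appSettings /></configuration>',
}

def audit(configs):
    """Map each config name to its iriParsing state."""
    return {name: iri_parsing_state(xml) for name, xml in configs.items()}

if __name__ == "__main__":
    for name, state in audit(SAMPLES).items():
        print(f"{state:20} {name}")
```

Applications reported as `enabled-by-default` or `enabled-explicitly` meet the precondition the bulletin describes and are the ones to update first.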
This IE11 update also brings some functional changes, such as a Bing search bar on the new tab page, a module for frequently visited sites, and so on.