Microsoft Security Bulletin Summary for October 2014
US-CERT encourages users and administrators to review the bulletins and apply the necessary updates.
Primary Attack Vector: Specially crafted webpage
Publicly Disclosed: No
Assumptions: Some of these vulnerabilities would have to be used in conjunction with another vulnerability that allow remote code execution
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes
Critical Bourne Again SHell (BASH) Vulnerability Allows for Remote Code Execution
CIS ADVISORY NUMBER: 2014-080
A recent vulnerability has been discovered affecting the Bourne Again SHell (BASH). BASH is the default command-line shell processor that is often run in a text window on Linux and UNIX systems. BASH allows users to type commands that cause actions. In addition, BASH has the ability to read commands from a scripted file. Based on the wide use of Linux and UNIX systems, it can be assumed that most distributions running Linux and UNIX, as well Mac OS X, are likely vulnerable.
Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Mac OS X
- ... more
Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR
CIS ADVISORY NUMBER: 2014-074
Multiple vulnerabilities have been discovered in Adobe Flash Player and Adobe AIR. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Adobe AIR is a cross platform runtime used for developing Internet applications that run outside of a browser.
Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.
- Adobe Flash Player 184.108.40.206 and earlier versions
- Adobe Flash Player 220.127.116.11 and earlier 13.x versions
- ... more