JPCERT-AT-2014-0020
JPCERT/CC
2014-05-02
<<< JPCERT/CC Alert 2014-05-02 >>>
Alert regarding Microsoft Security Bulletin MS14-021
https://www.jpcert.or.jp/english/at/2014/at140020.html
I. Overview
Microsoft has released its security bulletin for Internet Explorer.
This bulletin contains security updates that are rated as "critical".
Remote attackers leveraging this vulnerability may be able to execute
arbitrary code, so please apply the security updates as soon as
possible.
Note that security updates for Windows XP, which ended the support on
April 2014, is included.
Details on the vulnerabilities can be found at the following URL:
Microsoft
Security Update for Internet Explorer (2965111)
https://technet.microsoft.com/en-us/library/security/ms14-021
According to Microsoft, targeted attacks leveraging this
vulnerability have been observed in the wild.
II. Solution
Please apply the security update programs through Microsoft Update,
Windows Update, etc. as soon as possible.
Microsoft Update
http://www.update.microsoft.com/
Windows Update
http://windowsupdate.microsoft.com/
* With the April 2014 update, Microsoft ended the support for
Windows XP and Office 2003. Concerns on security risk will rise
henceforth, and therefore please consider updating to a newer OS
and software.
If you applied the workaround, then you may need to undo the workaround
before or after applying the security update.
- If you applied the workaround to modify the Access Control List(ACL)
on VGX.DLL, then you must undo this workaround before applying the
security update.
- If you applied the workaround to unregister VGX.DLL, you do not have
to undo this workaround before applying the security update. However,
the security update will not re-register vgx.dll, therefore please
re-register vgx.dll.
- If you applied any of the other workarounds, you do not have to undo
the workaround before applying the security update.
III. References
Microsoft
Security Update for Internet Explorer (2965111)
https://technet.microsoft.com/en-us/library/security/ms14-021
Microsoft
Microsoft releases out-of-band update MS14-021 (Internet Explorer) to address vulnerability stated in security advisory (2963983) (Japanese)
http://blogs.technet.com/b/jpsecurity/archive/2014/05/02/security-update-ms14-021-released-to-address-recent-internet-explorer-vulnerability-2963983.aspx
Information-technology Promotion Agency (IPA)
Measures to address vulnerability in Internet Explorer (CVE-2014-1776) (Japanese)
https://www.ipa.go.jp/security/ciadr/vul/20140428-ms.html
Alert regarding the Microsoft Security Bulletin (MS14-021)
https://www.jpcert.or.jp/english/at/2014/at140020.html
Vulnerability Note VU#222929
Microsoft Internet Explorer CMarkup use-after-free vulnerability
https://www.kb.cert.org/vuls/id/222929
JVNVU#92280347
Microsoft Internet Explorer use-after-free vulnerability (Japanese)
https://www.kb.cert.org/vuls/id/222929
If you have any information regarding this alert, please contact
JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top