Symantec product detections for Microsoft monthly Security Advisories - March 2014

book

Article ID: 159043

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.

Resolution

 

ID and Rating CAN/CVE ID: CVE-2014-0297
BID: 66023 
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0298
BID: 66025
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: Bloodhound.Exploit.539
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0299
BID: 66026
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 5.0, Microsoft Internet Explorer 7.,0 Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0302
BID: 66027
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 7.0, Microsoft Internet Explorer 8
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0303
BID: 66028
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 7.0, Microsoft Internet Explorer 8
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0304
BID: 66029 
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0305
BID: 66030
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 7.0, Microsoft Internet Explorer ,8 Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0306
BID: 66031 
Microsoft ID:
MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects  Microsoft Internet Explorer 9, Microsoft Internet Explorer 8
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0307
BID: 66032 
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: 27463
Detected as "Web Attack: Internet Explorer CVE-2014-0307"
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0308
BID: 66033
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0309
BID: 66034 
Microsoft ID:
MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 8
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0311
BID: 66035
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 6.0, Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 7.0, Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0312
BID: 66036
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0313
BID: 66037
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 10, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0314
BID: 66038
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0321
BID: 66039
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 10, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0322
BID: 65551
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer 9, Microsoft Internet Explorer 10
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response

Sig ID: 27401
Detected as "Web Attack: MSIE Use After Free CVE-2013-3893_2"

Other Detections

AV: Bloodhound.Exploit.540
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection

ID and Rating CAN/CVE ID: CVE-2014-0324
BID: 66040
Microsoft ID: MS14-012
MSKB: 2925418
Microsoft Rating: Critical
Vulnerability Type Cumulative Security Update for Internet Explorer
Remote Control Execution Vulnerability
Vulnerability Affects Microsoft Internet Explorer ,9 Microsoft Internet Explorer 10, Microsoft Internet Explorer 8, Microsoft Internet Explorer 11
Details
  • A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory.
  • This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Intrusion Protection System (IPS) Response Sig ID: 27391
Detected as "Web Attack: Internet Explorer CVE-2014-0324"
Sig ID: 70091
Detected as "Web Attack: Internet Explorer CVE-2014-0324 2"
Other Detections AV: Bloodhound.Exploit.541, Bloodhound.Exploit.542
Sygate IDS: N/A
Symantec Critical System Protection IPS: [SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0301
BID: 66045
Microsoft ID: MS14-013
MSKB: 2929961
Microsoft Rating: Critical
Vulnerability Type Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
Remote Code Execution Vulneravility 
Vulnerability Affects Microsoft Windows Server 2008 for 32-bit Systems, Microsoft Windows XP Service Pack 3, Microsoft Windows Vista Service Pack 2, Microsoft Windows 8 for 32-bit Systems, Microsoft Windows Server 2012, Microsoft Windows Vista x64 Edition Service Pack 2, Microsoft Windows Server 2012 R2, Microsoft Windows 8.1 for 32-bit Systems, Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8 for x64-based Systems Microsoft Windows XP Professional SP2, Microsoft Windows Server 2003 SP2, Microsoft Windows Server 2003 Itanium SP2, Microsoft Windows Server 2008 for x64-based Systems SP2, Microsoft Windows 7 for 32-bit Systems SP1, Microsoft Windows 7 for x64-based Systems SP1, Microsoft Windows Server 2008 R2 for x64-based Systems SP1, Microsoft Windows Server 2003 x64 Edition Service Pack 2
Details
  • A remote code execution vulnerability exists in the way that Microsoft DirectShow parses specially crafted JPEG image files.
  • The vulnerability could allow remote code execution if a user opens a specially crafted image file.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
  • Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Intrusion Protection System (IPS) Response Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:
[SCSPBP1]: Generic Windows Interactive Protection
ID and Rating CAN/CVE ID: CVE-2014-0319 
BID: 66046
Microsoft ID: MS14-014
MSKB: 2932677 
Microsoft Rating:
Important
Vulnerability Type Vulnerability in Silverlight Could Allow Security Feature Bypass
Security Bypass Vulnerability
Vulnerability Affects Microsoft Silverlight 5.0
Details
  • A security feature vulnerability exists in Silverlight due to improper implementation of Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR).
  • The vulnerability could allow an attacker to bypass the DEP/ASLR security feature, most likely during or in the course of exploiting a remote code execution vulnerability 
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:[SCSPBP1]: Generic Windows Interactive Protection
 ID and Rating CAN/CVE ID: CVE-2014-0300
BID: 66003
Microsoft ID: MS14-015 
MSKB: 2930275
Microsoft Rating: Important
 Vulnerability Type Vulnerabilities in Windows Kernel Mode Driver Could Allow Elevation of Privilege
Elevation of Privilege Vulnerability
 Vulnerability Affects Microsoft Windows Vista Service Pack 2, Microsoft Windows 8 for 32-bit Systems, Microsoft Windows Server 2012, Microsoft Windows Vista x64 Edition Service Pack 2, Microsoft Windows RT, Microsoft Windows Server 2012 R2, Microsoft Windows 8.1 for 32-bit Systems, Microsoft Windows 8.1 for x64-based Systems, Microsoft Windows 8 for x64-based Systems, Microsoft Windows XP Service Pack 3, Microsoft Windows RT 8.1, Microsoft Windows Server 2003 SP2, Microsoft Windows XP Professional x64 Edition SP2, Microsoft Windows Server 2003 Itanium SP2, Microsoft Windows Server 2008 for 32-bit Systems SP2, Microsoft Windows Server 2008 for x64-based Systems SP2, Microsoft Windows Server 2008 for Itanium-based Systems SP2, Microsoft Windows 7 for 32-bit Systems SP1, Microsoft Windows 7 for x64-based Systems SP1, Microsoft Windows Server 2008 R2 for x64-based Systems SP1, Microsoft Windows Server 2008 R2 Itanium SP1, Microsoft Windows Server 2003 x64 Edition Service Pack 2 
 Details
  • An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory.
  • An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:
N/A
ID and Rating CAN/CVE ID: CVE-2014-0323
BID: 66007
Microsoft ID: MS14-015 
MSKB: 2930275
Microsoft Rating: Important
Vulnerability Type Vulnerabilities in Windows Kernel Mode Driver Could Allow Elevation of Privilege
Information Disclosure Vulnerability
 Vulnerability Affects Microsoft Windows Vista Service Pack 2, Microsoft Windows 8 for 32-bit Systems, Microsoft Windows Server 2012, Microsoft Windows Vista x64 Edition Service Pack 2, Microsoft Windows RT Microsoft Windows Server 2012 R2, Microsoft Windows 8.1 for 32-bit Systems, Microsoft Windows 8.1 for x64-based Systems Microsoft Windows 8 for x64-based Systems, Microsoft Windows XP Service Pack 3, Microsoft Windows RT 8.1, Microsoft Windows Server 2003 SP2, Microsoft Windows XP Professional x64 Edition SP2, Microsoft Windows Server 2003 Itanium SP2, Microsoft Windows Server 2008 for 32-bit Systems SP2, Microsoft Windows Server 2008 for x64-based Systems SP2, Microsoft Windows Server 2008 for Itanium-based Systems SP2, Microsoft Windows 7 for 32-bit Systems SP1, Microsoft Windows 7 for x64-based Systems SP1, Microsoft Windows Server 2008 R2 for x64-based Systems SP1, Microsoft Windows Server 2008 R2 Itanium SP1, Microsoft Windows Server 2003 x64 Edition Service Pack 2
 Details
  •  An information disclosure vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:
N/A

 

 ID and Rating CAN/CVE ID: CVE-2014-0317
BID: 66012
Microsoft ID: MS14-016
MSKB: 2934418 
Microsoft Rating: Important
 Vulnerability Type Vulnerability in Microsoft Remote Protocol Could Allow Security Feature Bypass
Security Bypass Vulnerability
 Vulnerability Affects Microsoft Windows Vista Service Pack 2, Microsoft Windows Server 2012, Microsoft Windows Vista x64 Edition Service Pack 2, Microsoft Windows Server 2012 R2, Microsoft Windows XP Service Pack 3, Microsoft Windows Server 2003 SP2, Microsoft Windows XP Professional x64 Edition SP2, Microsoft Windows Server 2003 x64 SP2, Microsoft Windows Server 2008 for 32-bit Systems SP2, Microsoft Windows Server 2008 for x64-based Systems SP2, Microsoft Windows Server 2003 Itanium SP2, Microsoft Windows Server 2008 R2 for x64-based Systems SP1
 Details
  • A security feature bypass vulnerability exists when the Security Account Manager Remote (SAMR) protocol incorrectly validates user lockout state.
Intrusion Protection System (IPS) Response  Sig ID: N/A
Other Detections AV: N/A
Sygate IDS: N/A
Symantec Critical System Protection IPS:
N/A