MS14-004 – Important : Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS14-004 – Important : Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826) – Version: 1.0
Jan 142014
 

Severity Rating: Important
Revision Note: V1.0 (January 14, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Dynamics AX. The vulnerability could allow denial of service if an authenticated attacker submits specially crafted data to an affected Microsoft Dynamics AX Application Object Server (AOS) instance. An attacker who successfully exploited this vulnerability could cause the target AOS instance to stop responding to client requests.

MS13-067 – Critical : Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS13-067 – Critical : Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) – Version: 1.0
Sep 102013
 

Severity Rating: Critical
Revision Note: V1.0 (September 10, 2013): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office Server software. The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server.

MS13-061 – Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063) – Version: 3.0

 Microsoft Security Bulletins  Comments Off on MS13-061 – Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063) – Version: 3.0
Aug 272013
 

Severity Rating: Critical
Revision Note: V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
Summary: This security update resolves three publicly disclosed vulnerabilities in Microsoft Exchange Server. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing uses the credentials of the LocalService account. The Data Loss Prevention feature hosts code that could allow remote code execution in the security context of the Filtering Management service if a specially crafted message is received by the Exchange server. The Filtering Management service in Exchange uses the credentials of the LocalService account. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

MS13-012 – Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) – Version: 1.1

 Microsoft Security Bulletins  Comments Off on MS13-012 – Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) – Version: 1.1
Feb 132013
 

Severity Rating: Critical
Revision Note: V1.1 (February 13, 2013): Clarified that Microsoft Exchange Server 2010 Service Pack 3 is not affected by the vulnerabilities described in this bulletin. This is an informational change only.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.

MS13-013 – Important : Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) – Version: 1.0

 Microsoft Security Bulletins  Comments Off on MS13-013 – Important : Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) – Version: 1.0
Feb 122013
 

Severity Rating: Important
Revision Note: V1.0 (February 12, 2013): Bulletin published.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint. The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token. FAST Search Server for SharePoint is only affected by this issue when Advanced Filter Pack is enabled. By default, Advanced Filter Pack is disabled.

%d bloggers like this: