Shulou(Shulou.com)06/01 Report--

This article introduces Microsoft's Windows high-risk vulnerabilities, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Among the high-risk vulnerabilities released by Microsoft in July, there are two patches that even ordinary users can see, because they are Windows gadgets that ordinary users rarely use: diaries and on-screen keyboards. Experts say that tools that are not often used by ordinary netizens precisely give hackers the opportunity to invade, and netizens should repair them as soon as possible so as not to cause the tragedy of "a thousand-mile dike breaking in an ant's nest".

Summary of security vulnerabilities in July 2014

1. A vulnerability in Windows Diary could allow remote code execution

Security Bulletin: MS14-038

Knowledge base number: KB2971850

Level: severe

Description: this security update addresses a secret reported vulnerability in Microsoft Windows. If a user opens a specially crafted journal file, the vulnerability may allow remote code execution. Users whose accounts are configured to have fewer system user rights are less affected than those who have administrative user rights.

Impact system: vista_32/64 (SP2); win7_32/64 (SP1); win8_32/64 (SP0); win8.1_32/64 (SP0)

2. Vulnerabilities in the on-screen keyboard may allow for privilege escalation

Security Bulletin: MS14-039

Knowledge base number: KB2973201

Level: important

Description: this security update addresses a secret reported vulnerability in Microsoft Windows. If an attacker uses a vulnerability in the low integrity process to execute an on-screen keyboard (OSK) and upload a specially crafted program to the target system, the vulnerability may allow for privilege escalation.

Impact system: vista_32/64 (SP2); win7_32/64 (SP1); win8_32/64 (SP0); win8.1_32/64 (SP0)

3. Internet Explorer cumulative security updates

Security Bulletin: MS14-037

Knowledge base number: KB2962872

Level: severe

Description: this security update addresses one publicly disclosed vulnerability and 23 secretly reported vulnerabilities in Internet Explorer. The most serious vulnerability could allow remote code execution when a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploits these vulnerabilities can gain the same user privileges as the current user.

Impact system: vista_32/64 (SP2); win7_32/64 (SP1); 2003 (SP2); win8_32/64 (SP0); win8.1_32/64 (SP0)

4. A vulnerability in the accessibility driver (AFD) may allow for privilege escalation

Security Bulletin: MS14-040

Knowledge base number: KB2961072

Level: important

Description: this security update addresses a secret reported vulnerability in Microsoft Windows. This vulnerability could allow for privilege escalation if an attacker logs in to the system and runs a specially crafted application. An attacker must have valid login credentials and be able to log in locally to exploit this vulnerability.

Impact system: vista_32/64 (SP2); win7_32/64 (SP1); 2003 (SP2); win8_32/64 (SP0); win8.1_32/64 (SP0)

5. Vulnerabilities in DirectShow may allow for privilege escalation

Security Bulletin: MS14-041

Knowledge base number: KB2972280

Level: important

Description: this security update addresses a secret reported vulnerability in Microsoft Windows. If an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged-in user, the vulnerability may allow for privilege escalation.

Impact system: vista_32/64 (SP2); win7_32/64 (SP1); win8_32/64 (SP0); win8.1_32/64 (SP0)

About Microsoft's Windows high-risk vulnerability is how to share here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.