Patch Tuesday For June Approaches

This month's Microsoft Patch Tuesday has almost arrived. This time out, the tech giant has given advance notification that seven fixes will be rolled out, including two critical patches. The issues tackled by these patches are remote code execution bugs in Windows, Internet Explorer (versions 6-11 depending on OS level), Office and Lync. I should note that the two critical patches require a system restart after they are applied.

There is one flaw that is likely to be the focus of the patch rollout this month, and that is CVE-2014-1770.

From ZDI:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

ZDI publicly disclosed this on May 21st, 2014. In this style of attack, an attacker could social engineer a victim into viewing the malicious web content, after which the system could be remotely exploited and controlled.

Until the patch is released, there are some workarounds for the interim.

- Set Internet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone

- Install EMET. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET helps to mitigate this vulnerability in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer. For more information about EMET, see The Enhanced Mitigation Experience Toolkit.
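
A read-only check that the two zone workarounds above are in place for the current user, as an added PowerShell example that is not part of the original post. The registry paths, zone numbers (1, 3), action IDs (1200, 1400) and the "High" level value are the standard Internet Explorer URL security zone values rather than anything stated in the post, and the lookup order (policy keys before per-user preferences) is an assumption.

```powershell
# Added example: read-only audit of the IE zone workarounds (changes nothing).
# Standard URL security zone values, not taken from the post:
#   zone 1 = Local intranet, zone 3 = Internet
#   1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins
#   action value 0 = enable, 1 = prompt, 3 = disable
#   CurrentLevel 0x12000 = the "High" template
$ZoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$HighLevel = 0x12000

# Assumption: policy keys are consulted before per-user preferences.
$Roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ZoneValue {
    param([int]$Zone, [string]$Name)
    foreach ($root in $Roots) {
        $key  = Join-Path $root ([string]$Zone)
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.$Name }   # first location that sets it
    }
    return $null   # not configured in any location checked
}

function Test-ZoneWorkaround {
    param([int]$Zone)
    $level     = Get-ZoneValue -Zone $Zone -Name 'CurrentLevel'
    $scripting = Get-ZoneValue -Zone $Zone -Name '1400'
    $activeX   = Get-ZoneValue -Zone $Zone -Name '1200'

    $high    = ($level -eq $HighLevel)            # workaround 1: zone set to High
    $guarded = (@(1, 3) -contains $scripting)     # workaround 2: prompt or disable

    [pscustomobject]@{
        Zone              = $ZoneNames[$Zone]
        HighTemplate      = $high
        ScriptingGuarded  = $guarded
        ActiveXDisabled   = ($activeX -eq 3)
        WorkaroundInPlace = ($high -or $guarded)
    }
}

# Report both zones named in the workarounds.
foreach ($zone in 1, 3) { Test-ZoneWorkaround -Zone $zone }
```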