CVE-2014-4068
published 2014-09-10CVE-2014-4068: The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows…
PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
19.69%
97.1th percentile
The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | lync_server | — | — |
| microsoft | lync_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
blogs_talos·2014-09-09·CVSS 6.5
[MEDIUM] Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability (CVE-2013-7331). This last vulnerability is publicly known and under active exploitation. This vulnerability allows attackers to use Microsoft’s XMLDOM ActiveX object to gain information on local drive and
Talos
Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
blogs_talos·2014-09-09·CVSS 6.5
[MEDIUM] Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
## Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability ( CVE-2013-7331 ). This last vulnerability is publicly known and under active exploitation. This
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspxhttp://www.securityfocus.com/bid/69586http://www.securitytracker.com/id/1030821https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055https://exchange.xforce.ibmcloud.com/vulnerabilities/95544http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspxhttp://www.securityfocus.com/bid/69586http://www.securitytracker.com/id/1030821https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055https://exchange.xforce.ibmcloud.com/vulnerabilities/95544
2014-09-10
Published