CVE-2014-4071
published 2014-09-10CVE-2014-4071: The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request…
PriorityP432medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
18.99%
97.0th percentile
The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | lync_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
blogs_talos·2014-09-09·CVSS 6.5
[MEDIUM] Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability (CVE-2013-7331). This last vulnerability is publicly known and under active exploitation. This vulnerability allows attackers to use Microsoft’s XMLDOM ActiveX object to gain information on local drive and
Talos
Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
blogs_talos·2014-09-09·CVSS 6.5
[MEDIUM] Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
## Microsoft Update Tuesday September 2014: another generally light month but with a significant IE bulletin
This month’s Microsoft Update Tuesday is pretty light save for the Internet Explorer bulletin. While there’s only a total of 4 bulletins, they cover a total of 42 CVEs. The IE bulletin, as is usual, has the most updates for bugs and is rated critical. It covers a total of 37 CVEs. The other three bulletins are rated as important and provide updates for the remaining five vulnerabilities.
MS14-052 is the IE bulletin and is rated critical. It covers a total of 37 CVEs. Of these 37 CVEs, 36 are remote code execution vulnerabilities, the other one is an information disclosure vulnerability ( CVE-2013-7331 ). This last vulnerability is publicly known and under active exploitation. This
http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspxhttp://www.securityfocus.com/bid/69592http://www.securitytracker.com/id/1030821https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055https://exchange.xforce.ibmcloud.com/vulnerabilities/95547http://blogs.technet.com/b/srd/archive/2014/09/09/assessing-risk-for-the-september-2014-security-updates.aspxhttp://www.securityfocus.com/bid/69592http://www.securitytracker.com/id/1030821https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-055https://exchange.xforce.ibmcloud.com/vulnerabilities/95547
2014-09-10
Published