NVD disclosure day

Published threat advisories for October 15, 2014

CVE advisory | Known Exploit

CVE-2014-4148

Microsoft Windows Font Parsing Remote Code Execution Advisory.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Windows kernel-mode drivers allows for arbitrary code execution through crafted TrueType fonts. This impacts affected systems and data by enabling unauthorized code execution via user interaction with malicious content, posing a business risk.

• CISA KEV

CVE advisory | Known Exploit

CVE-2014-4114

Windows OLE Remote Code Execution Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

Microsoft Windows systems are affected by a vulnerability in the Object Linking and Embedding (OLE) component, allowing arbitrary code execution via crafted Office documents. This presents a risk of unauthorized system control and data compromise for organizations.

• CISA KEV

CVE advisory | Known Exploit

CVE-2014-4113

Microsoft Windows Kernel Privilege Escalation

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A flaw in Microsoft Windows kernel-mode drivers allows local users to gain elevated privileges. This may enable attackers with common user skills to gain unauthorized system control. Affected organizations face business risks including potential data compromise and operational disruption.

• CISA KEV