TechNet
Export (0) Print
Expand All

Microsoft Security Bulletin MS14-078 - Moderate

Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)

Published: November 11, 2014

Version: 1.0

This security update resolves a privately reported vulnerability in Microsoft Input Method Editor (IME) (Japanese). The vulnerability could allow sandbox escape based on the application sandbox policy on a system where an affected version of the Microsoft IME (Japanese) is installed. An attacker who successfully exploited this vulnerability could escape the sandbox of a vulnerable application and gain access to the affected system with logged-in user rights. If the affected system is logged in with administrative rights, an attacker could then install programs; view, change or delete data; or create new accounts with full administrative rights.

This security update is rated Moderate on all supported editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; it is also rated Moderate for all supported editions of Microsoft Office 2007 where Microsoft IME (Japanese) is installed. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting how the Microsoft IME (Japanese) component loads dictionary files that are associated with the vulnerability. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.

For more information about this document, see Microsoft Knowledge Base Article 2992719

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle

Operating System

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced

Windows Server 2003

Windows Server 2003 Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2003 x64 Edition Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2003 with SP2 for Itanium-based Systems
(2991963)

Elevation of Privilege

Moderate

None

Windows Vista

Windows Vista Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Vista x64 Edition Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 for x64-based Systems Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 for Itanium-based Systems Service Pack 2
(2991963)

Elevation of Privilege

Moderate

None

Windows 7

Windows 7 for 32-bit Systems Service Pack 1
(2991963)

Elevation of Privilege

Moderate

None

Windows 7 for x64-based Systems Service Pack 1
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 R2

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(2991963)

Elevation of Privilege

Moderate

None

Server Core Installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(2991963)

Elevation of Privilege

Moderate

None

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(2991963)

Elevation of Privilege

Moderate

None

 

Microsoft Office Suites and Components

Microsoft Office Suite

Component

Maximum Security Impact

Aggregate Severity Rating

Updates Replaced

Microsoft Office 2007

Microsoft Office 2007 Service Pack 3

Microsoft Office 2007 IME (Japanese)
(2889913)

Elevation of Privilege

Moderate

None

 

I have an IME installed, but I do not have Microsoft IME (Japanese) installed. Why am I being offered this update? 
Only implementations of Microsoft IME (Japanese) are affected by the vulnerability. Other implementations of IME are not vulnerable; however, this update may be offered to systems with a non-vulnerable IME, such as Chinese IME, Pinyin IME, or Korean IME. 

Microsoft recommends that users install all updates offered to their systems as this helps to maintain consistency in Windows systems, and for shared files across Microsoft Office products. In some cases, an update to non-vulnerable software detects that the files on your system are already up-to-date and as a result, the update does not need to install files. 

I am using Microsoft Office 2010 IME on Windows 7 Service Pack 1. Is my system affected by this vulnerability? 
Yes. The Microsoft IME (Japanese) component in Windows 7 Service Pack 1 is vulnerable and should be replaced with this security update. It is still possible for an attacker to use vulnerable installations of the IME component in an attack scenario. 

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the November bulletin summary.

Affected Software

Microsoft IME (Japanese) Elevation of Privilege Vulnerability - CVE-2014-4077

Aggregate Severity Rating

Operating System

Windows Server 2003

Windows Server 2003 Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Server 2003 x64 Edition Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Server 2003 with SP2 for Itanium-based Systems

Moderate 
Elevation of Privilege

Moderate

Windows Vista

Windows Vista Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Vista x64 Edition Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008

Windows Server 2008 for 32-bit Systems Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008 for x64-based Systems Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008 for Itanium-based Systems Service Pack 2

Moderate 
Elevation of Privilege

Moderate

Windows 7

Windows 7 for 32-bit Systems Service Pack 1

Moderate 
Elevation of Privilege

Moderate

Windows 7 for x64-based Systems Service Pack 1

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Moderate 
Elevation of Privilege

Moderate

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Moderate 
Elevation of Privilege

Moderate

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Moderate 
Elevation of Privilege

Moderate

Microsoft Office Suites

Microsoft Office 2007 IME (Japanese)

Moderate 
Elevation of Privilege

Moderate

 

An elevation of privilege vulnerability exists in Microsoft IME for Japanese that is caused when a vulnerable sandboxed application uses Microsoft IME (Japanese). Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft was aware of limited attacks that attempt to exploit this vulnerability. The update addresses the vulnerability by correcting how the Microsoft IME (Japanese) component loads dictionary files that are associated with this vulnerability.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

  • An attacker must have authenticated write access to the system to exploit this vulnerability. An anonymous user could not exploit the vulnerability.
  • Only implementations of Microsoft IME for Japanese are affected by this vulnerability. Other versions of Microsoft IME are not affected.

Workarounds

The following workarounds may be helpful in your situation:

  • Use the Enhanced Mitigation Experience Toolkit (EMET)

    Note For the security mitigations to be enabled, EMET must be configured after the EMET installation. See Microsoft Knowledge Base Article 2458544 for additional guidance.

    1. Launch EMET GUI (for example, "C:\Program Files (x86)\EMET 5.0\EMET_GUI.exe").
    2. Click Apps, and then Add Wildcard.
    3. Add Microsoft IME (Japanese) component; type "*\IMJPDCT.EXE” (no quotes) and click OK.
    4. Locate the added entry IMJPDCT.EXE in the App Name list, deselect all checked mitigations, and then select ASR mitigation.
    5. Click Show All Settings.
    6. Scroll down to Attack Surface Reduction, type “IMJP*.DIC” in Modules, then click OK.
    7. Close EMET.

    Impact of workaround. There is no impact to the functionality of Microsoft IME (Japanese).

    How to undo the workaround. 

    To undo this workaround, follow these steps:

    1. Launch EMET GUI (for example, "C:\Program Files (x86)\EMET 5.0\EMET_GUI.exe").
    2. Click Apps, then select IMJPDCT.EXE in the App Name list.
    3. Click Remove Selected, then click OK.
    4. Close EMET.

FAQ

What might an attacker use the vulnerability to do? 
An attacker who successfully exploited this vulnerability could compromise the sandbox of a vulnerable application and gain access to the affected system with the rights of the logged-on user. If a user on an affected system is logged in with administrative rights, an attacker could then install programs; view, change or delete data; or create new accounts with full administrative rights.

How could an attacker exploit the vulnerability? 
In an attack scenario, an attacker would have to convince the user to open a specially crafted file that would invoke the vulnerable sandboxed application, resulting in a compromise of the sandbox policy. The attacker could then run a program with the privileges of the logged on user.

What systems are primarily at risk from the vulnerability? 
Any system running the affected versions of Microsoft IME (Japanese), including workstations and terminal servers, are primarily at risk. Servers could be at more risk if administrators allow users to log on to servers and to run programs. However, best practices strongly discourage allowing this.

Does the Enhanced Mitigation Experience Toolkit (EMET) help mitigate attacks that could attempt to exploit these vulnerabilities? 
Yes. EMET enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit vulnerabilities in a given piece of software. EMET helps to mitigate this vulnerability in Microsoft IME on systems where EMET is installed and configured.

For more information about EMET, see The Enhanced Mitigation Experience Toolkit.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information. 

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

  • V1.0 (November 11, 2014): Bulletin published.

Page generated 2015-01-14 12:00Z-08:00.
Show:
© 2016 Microsoft