Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (MS14-019)

ITS Advisory Number: 2014-033
Date(s) Issued: Tuesday, April 8, 2014
Subject: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (MS14-019)
Overview: 

A vulnerability has been discovered in Windows that could allow for remote code execution. This vulnerability could be exploited if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location.

Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows Server 2012
  • Windows RT
Risk: 
Government:
  • Large and medium government entities: High
  • Small government entities: High
Business:
  • Large and medium business entities: High
  • Small business entities: High
Home Users: Low
Description: 

A remote code execution vulnerability exists in the way that Microsoft Windows processes .bat and .cmd files that are run from a network location. The vulnerability is caused by Windows improperly restricting the path used for processing .bat and .cmd files.

Successful exploitation of this vulnerability could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.
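
To help prioritize patching, the following Python code lists hosts where .bat or .cmd files are launched from a network location, based on process-creation command lines. It is an added example, not part of the original advisory or of Microsoft's bulletin; the record layout, host and user names, sample command lines and the set of mapped network drive letters are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

class ProcEvent(NamedTuple):
    """One process-creation record (hypothetical layout)."""
    host: str
    user: str
    command_line: str

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    ProcEvent("WS01", "alice", r'cmd.exe /c "\\fileserv\deploy\install.bat" /quiet'),
    ProcEvent("WS01", "alice", r'cmd.exe /c C:\Tools\backup.cmd'),
    ProcEvent("WS02", "bob", r'C:\Windows\System32\cmd.exe /c Z:\scripts\login.CMD'),
    ProcEvent("WS03", "carol", r'notepad.exe \\fileserv\docs\readme.txt'),
    ProcEvent("WS04", "dave", r'"\\fileserv\it tools\fix.cmd" --all'),
]

# Path to a .bat/.cmd file, UNC or drive-letter, either quoted or bare.
SCRIPT_RE = re.compile(
    r'"(?P<quoted>(?:\\\\|[A-Za-z]:\\)[^"]+?\.(?:bat|cmd))"'
    r'|(?P<bare>(?:\\\\|[A-Za-z]:\\)\S+?\.(?:bat|cmd))(?=\s|$)',
    re.IGNORECASE,
)

def script_location(path, network_drives):
    """Classify a script path as 'unc', 'mapped-drive' or 'local'."""
    if path.startswith("\\\\"):
        return "unc"
    if path[0].upper() in network_drives:
        return "mapped-drive"
    return "local"

def network_batch_launches(events, network_drives=frozenset("Z")):
    """Return (host, user, location, path) for scripts run from the network.

    network_drives: drive letters known to map to network shares
    (an assumption supplied from the site's own inventory).
    """
    hits = []
    for ev in events:
        for m in SCRIPT_RE.finditer(ev.command_line):
            path = m.group("quoted") or m.group("bare")
            where = script_location(path, network_drives)
            if where != "local":
                hits.append((ev.host, ev.user, where, path))
    return hits

if __name__ == "__main__":
    for hit in network_batch_launches(SAMPLE_EVENTS):
        print(*hit, sep="\t")
```

Unquoted paths that contain spaces are ambiguous in a command line and are not matched.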

Actions: 
  • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Remind users not to open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
  • Remind users not to download or open files from untrusted websites.
References: 
Microsoft:
https://technet.microsoft.com/en-us/security/bulletin/ms14-019
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0315