MS14-027: Vulnerability in Windows shell handler could allow elevation of privilege: May 13, 2014

2017-01-07T22:07:24
ID KB2962488
Type mskb
Reporter Microsoft
Modified 2014-05-15T08:01:17

Description

<html><body><p>Resolves a vulnerability in Windows that could allow elevation of privilege if an attacker runs a specially crafted application that uses ShellExecute.</p><h2>INTRODUCTION</h2><div class="kb-summary-section section">Microsoft has released security bulletin MS14-027. To learn more about this security bulletin: <br/><ul class="sbody-free_list"><li>Home users:<br/><div class="indent"><a href="https://www.microsoft.com/security/pc-security/updates.aspx" id="kb-link-1" target="_self">https://www.microsoft.com/security/pc-security/updates.aspx</a></div><span class="text-base">Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br/><div class="indent"><a href="https://update.microsoft.com/microsoftupdate/" id="kb-link-2" target="_self">https://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br/><div class="indent"><a href="https://technet.microsoft.com/security/bulletin/ms14-027" id="kb-link-3" target="_self">https://technet.microsoft.com/security/bulletin/MS14-027</a></div></li></ul><h3 class="sbody-h3">How to obtain help and support for this security update</h3>Help installing updates:<br/><a href="https://support.microsoft.com/ph/6527" id="kb-link-4" target="_self">Support for Microsoft Update</a><br/><br/>Security solutions for IT professionals:<br/><a href="https://technet.microsoft.com/security/bb980617.aspx" id="kb-link-5" target="_self">TechNet Security Troubleshooting and Support</a><br/><br/>Help protect your Windows-based computer Windows from viruses and malware:<br/><a href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-6" target="_self">Virus Solution and Security Center</a><br/><br/>Local support according to your country:<br/><a href="https://support.microsoft.com/common/international.aspx" id="kb-link-7" target="_self">International Support</a><br/><br/></div><h2>More Information</h2><div class="kb-moreinformation-section section"><h3 class="sbody-h3">Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br/><br/><ul class="sbody-free_list"><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2926765" id="kb-link-8">2926765 </a> MS14-027: Description of the security update for Windows: May 13, 2014</div>This update is for systems running the following operating systems:<ul class="sbody-free_list"><li>Windows Server 2003</li><li>Windows Vista and Windows Server 2008</li><li>Windows 7 and Windows Server 2008 R2</li><li>Windows 8 and Windows Server 2012</li><li>Windows 8.1 and Windows Server 2012 R2 systems that have applied the April 2014 update 2919355.</li></ul></li><li><div class="indent"><a href="https://support.microsoft.com/en-us/help/2962123" id="kb-link-9">2962123 </a> MS14-027: Description of the security update for Windows systems that do not have update 2919355 installed: May 13, 2014</div></li></ul></div><h2>FILE INFORMATION</h2><div class="kb-summary-section section"><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span><span class="bold btn-link link-expand-text"><span class="bold btn-link">File hash information</span></span></div><div class="faq-panel-body" faq-panel-body=""><span><div class="kb-collapsible kb-collapsible-collapsed"><div class="table-responsive"><table class="sbody-table table"><tr class="sbody-tr"><th class="sbody-th">File name</th><th class="sbody-th">SHA1 hash</th><th class="sbody-th">SHA256 hash</th></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2926765-ia64.msu</td><td class="sbody-td">067C72E70D6C76580732FDA908946704B2609FB5</td><td class="sbody-td">3626789D6A1EDFCEC3A2516D78C755F60DB56C4D9D63853B0D622CF1F705CFEB</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2926765-x64.msu</td><td class="sbody-td">F1D23D15125102220FC676C4A959D8778F9A9A67</td><td class="sbody-td">A937230663DC78E3A3107E6E33AF75E5B19CFF067A19553B95CF2E80D2C2A653</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.0-KB2926765-x86.msu</td><td class="sbody-td">5627C12E7832FA1684F7EE8206A824B2E4D7A23F</td><td class="sbody-td">48271DEC323CBB94AFDDBD67412A34112FA04BC41437EC62A23054247A35ECB2</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2926765-ia64.msu</td><td class="sbody-td">20D75402C10CFC28A20A2710E6311F39ADFE3973</td><td class="sbody-td">C0B92BAB09B6134D67BAC38E202A0ECD2068FA64E81CC068188FE66DC43B4A71</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2926765-x64.msu</td><td class="sbody-td">74681DD9F36164F213DC43565FEFB263D6B046B3</td><td class="sbody-td">CE1A3A90C2A5B5EAA08A23FF670369CFAEC73DB504E55A625D47F0DA60474D9C</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows6.1-KB2926765-x86.msu</td><td class="sbody-td">B8147514216BED93A4DA14835E04000D8745F961</td><td class="sbody-td">F0F7EF63E0763F006704E98FDCAAAEC6F6CD4C13D886968690519ABAB40B80BD</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8-RT-KB2926765-x64.msu</td><td class="sbody-td">DAB9A5F881FF08CDFED042E595B4D3BAE2D328A0</td><td class="sbody-td">0F2711D73CC5E34B41FE0E1981CE3FD569D432A9BA2DE7D976801EFA4733A3FE</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8-RT-KB2926765-x86.msu</td><td class="sbody-td">1507120BDCB915582FD8B3C42AE7BDFC21F5DD4A</td><td class="sbody-td">BAAC7988300C5488CCDAF87E8D69C78B82F02266211229165C1F158FD1FF9A6E</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8.1-KB2926765-x64.msu</td><td class="sbody-td">B8521026DD8C07C9166258FA20E62DD9284D607A</td><td class="sbody-td">7936ED8D1566EAEFC7BC0C96F33D3D8BEFC3879DA7A6D3A0A781461899B186FB</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8.1-KB2926765-x86.msu</td><td class="sbody-td">D04AE140512AADEB5CB1562C543C08EA59487DC0</td><td class="sbody-td">A8A18B3AC4017C68C60415AF79C19EFC627A9D9A173A98AA082CD3C2BF601E77</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8.1-KB2962123-x64.msu</td><td class="sbody-td">7037022F4A884AAC79A47F0BE7F5E96939C0D9AF</td><td class="sbody-td">846A9990386C515C3537CEB53DFBB70B763BA2C673CA8140FF9A0017C0145734</td></tr><tr class="sbody-tr"><td class="sbody-td">Windows8.1-KB2962123-x86.msu</td><td class="sbody-td">59B51E5A93FF7208F54944B1A1BE92609D143232</td><td class="sbody-td">E09D33B253D147EA69A01D44F6ED87F2D5B1029766054A1AFDF4BABF6ACC62C7</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-ia64-DEU.exe</td><td class="sbody-td">459129F7DCCD2607145862C52DF2B744883EFCE5</td><td class="sbody-td">34456AC6EED4910CFE38422E2C875A07B407D1BE01C36BA063EB24756BD091C8</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-ia64-ENU.exe</td><td class="sbody-td">030EAF19292F5354557917490621F2113696D6FD</td><td class="sbody-td">2CC6F229B88CF50968B7AAFC3A59A95B254C725A284BF8154C604467279ACBFB</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-ia64-FRA.exe</td><td class="sbody-td">D6A87DE58D61DC8D10A5EE17CA4CB9B2CFA4FABD</td><td class="sbody-td">3144EDAF143E3DCDAB565B8A69A5769401EBA61B66876D972A065D175E4E4968</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-ia64-JPN.exe</td><td class="sbody-td">6A6835152531D1EFF1C40597716CE428D9451EA0</td><td class="sbody-td">C7ABA12CC5764D764AA41CDFBBCF20F876609AF3E8BA5982028394C9891C903B</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-CHS.exe</td><td class="sbody-td">40B9B713BCC3C818D7768489F1CE883552F2EA8B</td><td class="sbody-td">F7F2873EAB72F1C6B29B7A6F8FD72B1DA9BB04961DD3740E79FB04D4C7C598AC</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-CHT.exe</td><td class="sbody-td">FBADF36D6AE3070B222CA74CAA4D8ECAFCE62077</td><td class="sbody-td">CBAF16FFCBEA1012732985D1F3B0F9A543E0DCF2B08ED77083E8B67245BDAAB1</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-DEU.exe</td><td class="sbody-td">7D45CAE38A140B84716440BEA80EFED212F715B2</td><td class="sbody-td">8AC6D0E496DFA5F93189E3BBA462092216C5BDD7B2C4A47E75950958BAB352AE</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-ENU.exe</td><td class="sbody-td">54911D56858F0941DF9DB48EB5434C658590FAAD</td><td class="sbody-td">EF4526B44F7E128EDF87C36CF6FD07F0EE2F71D65FB7079B6345E85A49DD9B67</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-ESN.exe</td><td class="sbody-td">33CD54288E54CFB3ED23CDC8D5C68DC327AA660A</td><td class="sbody-td">12D1D942A5221176735F4D30331C07C2B5F228520FE52A18797CD11EFAF5D3B1</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-FRA.exe</td><td class="sbody-td">AD234DF1CAE19721A6F64ACEC2616324360550DC</td><td class="sbody-td">E6FEEA1A8B95955E5AB442699DBDCD83669D3FB077E00B8970B9E7F0B57FB37B</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-ITA.exe</td><td class="sbody-td">479466C9CD2CF828804E51E6C3F0C484D5F7051D</td><td class="sbody-td">DF90505B744A65C58C0631BB7BB2A93C80DED626A11A6ADA4BD5B51B84F241D9</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-JPN.exe</td><td class="sbody-td">6AF4F38771FDAA6DD1E8E282F4A61AA58D942F59</td><td class="sbody-td">BEA3C50FB7A23FA6C38A95DC8629239B7306F6C332C6E4C705921FDAC274CECC</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-KOR.exe</td><td class="sbody-td">0A8FC1EEDFE7B84F0A10D9D0319AECBE75456F21</td><td class="sbody-td">191704949DCDA5B6922C753031B284E25BDB75FFEA6B1590B86ED9D88690E6DC</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-PTB.exe</td><td class="sbody-td">3AED1DA16276AA14B32922528A1C6BE9E9B22744</td><td class="sbody-td">BFFAF66DB6117F48F2EEA59B965F4CB8370B8A790C959F44FA55DBB0BD4520CB</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x64-RUS.exe</td><td class="sbody-td">6A82156917670F2F97B66FFD4263BE1769A4C8CE</td><td class="sbody-td">ABE52F6FFBB4972D6D4F44B698FEF2319ED99B9071732B1883D8FEC7D06CAC60</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-CHS.exe</td><td class="sbody-td">09F7E2DB6FF07427103FB76148EC701D14654214</td><td class="sbody-td">C7BA0782529C65D9E0D29A0BABE2F26CE59FC74F23E096C29195E8642995B7FF</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-CHT.exe</td><td class="sbody-td">3DFB7D6D1C1BDBC33FC8E6598B91C6DC4A53C035</td><td class="sbody-td">DAF431BA7853658EAA67BA21DDB942CBD65D3DA54BF15037475315EFC8BBD94D</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-CSY.exe</td><td class="sbody-td">0DF2208767C6637A4A11308F4FA93CB5CEF84C6A</td><td class="sbody-td">B1E652BD67006765DAF74C8CE56CEC9E3F2490CDE2E0F56B0E3592D53C5B2EC2</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-DEU.exe</td><td class="sbody-td">83281E021D51032C88AFB6D119973599B734DB1B</td><td class="sbody-td">B9914F4687B09E177C88BFE2B794328605AEF2F4C49DC3E496CB41F9E5E35582</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-ENU.exe</td><td class="sbody-td">8C3D446B41A953C4663B2D437C193D81C34347AA</td><td class="sbody-td">9CD80AD3A1784FC8274EFE52AE6BFDD8D82242915D3A99F78F88CAB8CEDE29B1</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-ESN.exe</td><td class="sbody-td">5F4EBCC4A6612FD3590DB80B26C563CC84BBD1FA</td><td class="sbody-td">8F0E35EBC9A0AB20D634B85402F2D173669B30424C7FA40A22E2471973358433</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-FRA.exe</td><td class="sbody-td">4329C236DE1C9786DEFDAFBEDBCC6796D0DBCFC4</td><td class="sbody-td">4A7515BBB607C08D139F74F65A587C5AD19BE96935ECFA16D3BFE9AE49254F44</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-HUN.exe</td><td class="sbody-td">ADFB6DFFA35DBCE7BCAB61190C0B8060F729118F</td><td class="sbody-td">63B31C18F9296807DCF0BB11F38A3680FA8E89F7F3BDF2613DE76345EC663214</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-ITA.exe</td><td class="sbody-td">0CBA91CE99BF542CDC451F6AF310E3F37A9FC94C</td><td class="sbody-td">2539734414FBB39BCAB33654A0153CBE89EA78BBA02F5085A5F8F05AC1E9FA8F</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-JPN.exe</td><td class="sbody-td">2686535C1E2B1FA80E96FAF0DB57839338F08335</td><td class="sbody-td">7281908BE02EBC6942E8E6549EAFAB60BE52E85B71D93178ACA755AD4E5FBCB0</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-KOR.exe</td><td class="sbody-td">B2E2B29961FB4832239024EB732A2B6D4B8C4C8A</td><td class="sbody-td">C4A0C15922F14E7E06AA00A43C238C6B824A675F2A16A7FB537A95C9DF0BE100</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-NLD.exe</td><td class="sbody-td">5854E33EAE6A220F9B39C84D546FD9C2C5F8B0F6</td><td class="sbody-td">04D5FDA22F044BC894DF3819183E1F79B61A18078841D834BAA2898F4625C81D</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-PLK.exe</td><td class="sbody-td">D53835547D1F70959706343F26B5A24CD330564B</td><td class="sbody-td">244136C5273C672550509029A5BB7BF321EB3FD4EC0B0B382A74CC25B2E02F83</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-PTB.exe</td><td class="sbody-td">144C5B9AB89C61D8F48CC0F764AC603D0B8F6373</td><td class="sbody-td">0A14473CCAB3D546E453C674F32188E780CCAE412141F21C6AAEE6FE2AD03730</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-PTG.exe</td><td class="sbody-td">A407BFC8988B2CF5A95893419F4DB971BBF9566D</td><td class="sbody-td">941B655B882585D816CE9133E0044D0F77E1916A92A9FCF6153EE24733DF15F6</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-RUS.exe</td><td class="sbody-td">E5719534E61B06DA8377E3D4EB558C03D02A5F8E</td><td class="sbody-td">05266FCE40EC87F65CEA09B703C9F2B1CBB359337E7A50126D5389CD104F5CF8</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-SVE.exe</td><td class="sbody-td">D850F8E5ABA60BA030F1B83696EDCD3787F9AD3B</td><td class="sbody-td">AFE061816FA9FB150B806CD3AD76961DCA9FE4785A31F7A5F881850E5420C31A</td></tr><tr class="sbody-tr"><td class="sbody-td">WindowsServer2003-KB2926765-x86-TRK.exe</td><td class="sbody-td">E98E3CB9B428A5BB2DB9FC9AD27E7AA58D069A15</td><td class="sbody-td">1B7A3375917F527E19B570038646ADB9EB69E668BD4AA25E4322991C8B2B624C</td></tr></table></div></div><br/></span></div></div></div></div></body></html>