Ivanti Patch News Bulletin: Microsoft has Released KB4014794 to Address a Security Issue with Libjpeg 24-APR-2017

Version 1

    Ivanti Security and Patch News     



    ·      (April 24, 2017) Microsoft has released KB4014794 to address a security issue with libjpeg. An information disclosure vulnerability exists within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause information to be disclosed that could allow for bypassing the ASLR security feature that protects users from a broad class of vulnerabilities.
    The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code.
    To exploit this vulnerability, an attacker could convince a user to run a specially crafted application. The security update addresses the vulnerability by correcting how libjpeg handles objects in memory.
    Please visit the following page for more details: https://support2.microsoft.com/kb/4014794  


    New Vulnerabilities     

    ·             Vulnerability ID – 4014794_MSU  


    Changed Vulnerabilities     

    ·          Vulnerability ID – N/A    


    New Patch Downloads     

      ·               windows6.0-kb4014794-x86.msu  

      ·               windows6.0-kb4014794-x64.msu  


    Where to Send Feedback           

    At Ivanti, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.    


    Best regards,  

    Ivanti Product Support  


    Copyright © 2017 Ivanti Software.  All rights reserved. Ivanti is either a registered trademark or trademark of Ivanti Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.    


    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. Ivanti disclaims any liability with respect to this document and Ivanti has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.ivanti.com