Microsoft Patch Tuesday – November 2013

      No Comments on Microsoft Patch Tuesday – November 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 19 vulnerabilities. Nine of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Nov

The following is a breakdown of the issues being addressed this month:

  1. MS13-089 Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)

    Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) processes specially crafted Windows Write files in Wordpad. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  2. MS13-088 Cumulative Security Update for Internet Explorer (2888505)

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908) MS Rating: Important

    An information disclosure vulnerability exists in the way that Internet Explorer handles specially crafted web content when generating print previews. This vulnerability could gather information from any page that the victim is viewing.

    Internet Explorer Information Disclosure Vulnerability (CVE-2013-3909) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that Internet Explorer processes CSS special characters. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow an information disclosure if a user viewed the webpage. This vulnerability could view content from another domain or Internet Explorer zone.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS13-092 Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)

    Address Corruption Vulnerability (CVE-2013-3898) MS Rating: Important

    An elevation of privilege vulnerability exists in Hyper-V on Windows 8 and Windows Server 2012. An attacker who successfully exploited this vulnerability could execute arbitrary code as System in another virtual machine (VM) on the shared Hyper-V host. An attacker would not be able to execute code on the Hyper-V host, but would be able to on guest VMs on the same host. The vulnerability could also allow a denial-of-service in Hyper-V on the same platforms, allowing an attacker to cause the Hyper-V host to stop responding or to restart.

  4. MS13-093 Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)

    Ancillary Function Driver Information Disclosure Vulnerability (CVE-2013-3887) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel-mode driver improperly handles copying data between kernel and user memory.

  5. MS13-095 Vulnerability in XML Digital Signatures Could Allow Denial of Service (2868626)

    XML Digital Signatures Vulnerability (CVE-2013-3869) MS Rating: Important

    A denial of service vulnerability exists in implementations of X.509 certificate parsing that could cause the service to stop responding. The vulnerability is caused when the X.509 certificate vailidation operation fails to handle a specially crafted X.509 certificate.

  6. MS13-094 Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

    S/MIME AIA Vulnerability (CVE-2013-3905) MS Rating: Important

    An information disclosure vulnerability when Microsoft Outlook does not properly handle the expansion of S/MIME certificate metadata. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address, and open TCP ports, from the target system and other systems that share the network with the target system.

  7. MS13-090 Cumulative Security Update of ActiveX Kill Bits (2900986)

    InformationCardSigninHelper Vulnerability (CVE-2013-3918) MS Rating: Critical

    A remote code execution vulnerability exists in the the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

  8. MS13-091 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)

    WPD File Format Memory Corruption Vulnerability (CVE-2013-0082) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses a specially crafted WordPerfect document (.wpd) files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Stack Buffer Overwrite Vulnerability (CVE-2013-1324) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted WordPerfect document files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Word Heap Overwrite Vulnerability (CVE-2013-1325) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted WordPerfect document files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.

Leave a Reply