Microsoft Patch Tuesday – May 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 10 bulletins covering a total of 33 vulnerabilities. Eleven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-May

The following is a breakdown of the issues being addressed this month:

  1. MS13-037 Cumulative Security Update for Internet Explorer (2829530)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1306) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    JSON Array Information Disclosure Vulnerability (CVE-2013-1297) MS Rating: Important

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read the contents of JSON data files.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1309) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1307) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1308) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1310) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-0811) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1311) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-2551) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1312) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1313) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-038 Security Update for Internet Explorer (2847204)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1347) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

  3. MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)

    HTTP.sys Denial of Service Vulnerability (CVE-2013-1305) MS Rating: Important

    A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack (HTTP.sys) improperly handles a malicious HTTP header. An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client.

  4. MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)

    XML Digital Signature Spoofing Vulnerability (CVE-2013-1336) MS Rating: Important

    A spoofing vulnerability exists when the Microsoft .NET Framework fails to properly validate the signature of a specially crafted XML file. An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file.

    Authentication Bypass Vulnerability (CVE-2013-1337) MS Rating: Important

    A security feature bypass vulnerability exists in the way that the Microsoft .NET Framework improperly creates policy requirements for authentication when setting up custom WCF endpoint authentication. An attacker who successfully exploited this vulnerability would have access to the endpoint functions as if they were authenticated, allowing an attacker to steal information or take any actions in the context of an authenticated user.

  5. MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695)

    Lync RCE Vulnerability (CVE-2013-1302) MS Rating: Important

    A remote code execution vulnerability exists when the Lync control attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing a target user to accept an invitation to launch specially crafted content within a Lync or Communicator session. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

  6. MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)

    Publisher Negative Value Allocation Vulnerability (CVE-2013-1316) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Corrupt Interface Pointer Vulnerability (CVE-2013-1318) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Integer Overflow Vulnerability (CVE-2013-1317) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Buffer Overflow Vulnerability (CVE-2013-1320) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Return Value Handling Vulnerability (CVE-2013-1319) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Return Value Validation Vulnerability (CVE-2013-1321) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Invalid Range Check Vulnerability (CVE-2013-1322) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Incorrect NULL Value Handling Vulnerability (CVE-2013-1323) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Signed Integer Vulnerability (CVE-2013-1327) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Pointer Handling Vulnerability (CVE-2013-1328) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Publisher Buffer Underflow Vulnerability (CVE-2013-1329) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)

    Word Shape Corruption Vulnerability (CVE-2013-1335) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Word parses content in Word files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  8. MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)

    XML External Entities Resolution Vulnerability (CVE-2013-1301) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities.

  9. MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)

    Windows Essentials Improper URI Handling Vulnerability (CVE-2013-0096) MS Rating: Important

    An information disclosure vulnerability exists when Windows Writer fails to properly handle a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system.

  10. MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)

    DirectX Graphics Kernel Subsystem Double Fetch Vulnerability (CVE-2013-1332) MS Rating: Important

    An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.

    Win32k Buffer Overflow Vulnerability (CVE-2013-1333) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could cause system instability.

    Win32k Window Handle Vulnerability (CVE-2013-1334) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.