Microsoft Patch Tuesday – August 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 23 vulnerabilities. 14 of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Aug

The following is a breakdown of the issues being addressed this month:

  1. MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)

    AD FS Information Disclosure Vulnerability (CVE-2013-3185) MS Rating: Important

    An information disclosure vulnerability exists in Active Directory Federation Services (AD FS) that could allow the unintentional disclosure of account information.

  2. MS13-062 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)

    Remote Procedure Call Vulnerability (CVE-2013-3175) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Windows handles asynchronous RPC requests. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  3. MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)

    Windows NAT Denial of Service Vulnerability (CVE-2013-3182) MS Rating: Important

    A denial of service vulnerability exists in the Windows NAT Driver that could cause the target system to stop responding until restarted.

  4. MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)

    Uniscribe Font Parsing Engine Memory Corruption Vulnerability (CVE-2013-3181) MS Rating: Critical

    A remote code execution vulnerability exists in the Unicode Scripts Processor included in affected versions of Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as the current user.

  5. MS13-065 Vulnerability in ICMPv6 could allow Denial of Service (2868623)

    ICMPv6 Vulnerability (CVE-2013-3183) MS Rating: Important

    A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding until restarted. The vulnerability is caused when the TCP/IP stack does not properly allocate memory for incoming ICMPv6 packets.

  6. MS13-059 Cumulative Security Update for Internet Explorer (2862772)

    Internet Explorer Process Integrity Level Assignment Vulnerability (CVE-2013-3186) MS Rating: Moderate

    An elevation of privilege vulnerability exists in the way that Internet Explorer handles process integrity level assignment in specific cases. An attacker who successfully exploited this vulnerability could allow arbitrary code to execute with elevated privileges.

    EUC-JP Character Encoding Vulnerability (CVE-2013-3192) MS Rating: Moderate

    An information disclosure vulnerability exists in Internet Explorer that could allow script to perform cross-site scripting attacks. An attacker could exploit the vulnerability by inserting specially crafted strings into a website, resulting in information disclosure when a user viewed the website.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3184) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3187) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3188) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3189) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3190) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3191) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3193) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3194) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3199) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  7. MS13-063 Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2859537)

    ASLR Security Feature Bypass Vulnerability (CVE-2013-2556) MS Rating: Important

    A security feature vulnerability exists in Windows due to the improper implementation of the Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, most likely during, or in the course of exploiting, a remote code execution vulnerability. The attacker could then load a DLL in the process.

    Windows Kernel Memory Corruption Vulnerability(CVE-2013-3196) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

    Windows Kernel Memory Corruption Vulnerability(CVE-2013-3197) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

    Windows Kernel Memory Corruption Vulnerability(CVE-2013-3198) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows kernel due to a memory corruption condition in the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  8. MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-2393) MS Rating: Critical

    Remote Code Execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-3776) MS Rating: Critical

    Remote Code Execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-3781) MS Rating: Critical

    Remote Code Execution vulnerabilities exist in Exchange Server 2007 and Exchange Server 2010 through the WebReady Document Viewing feature. The vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.