Microsoft Patch Tuesday – September 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing thirteen bulletins covering a total of 47 vulnerabilities. Thirteen of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Sep

The following is a breakdown of the issues being addressed this month:

  1. MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)

    Message Certificate Vulnerability (CVE-2013-3870) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted S/MIME email messages. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  2. MS13-069 Cumulative Security Update for Internet Explorer (2870699)

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3201) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3202) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3203) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3204) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3205) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3206) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3207) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3208) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3209) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3845) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)

    SharePoint Denial of Service Vulnerability (CVE-2013-0081) MS Rating: Important

    A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to stop responding, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.

    MAC Disabled Vulnerability (CVE-2013-1330) MS Rating: Critical

    A remote code execution vulnerability exists in the way SharePoint Server handles unassigned workflows. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the W3WP service account.

    SharePoint XSS Vulnerability (CVE-2013-3179) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

    POST XSS Vulnerability (CVE-2013-3180) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

  4. MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

    XML External Entities Resolution Vulnerability (CVE-2013-3160) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Word parses specially crafted XML files containing external entities.

    Word Memory Corruption Vulnerability (CVE-2013-3847) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3848) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3849) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3850) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3851) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3852) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3853) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3854) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3855) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3856) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3857) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Word Memory Corruption Vulnerability (CVE-2013-3858) MS Rating: Important

    A remote code execution vulnerability exists in the way that affected Microsoft Office software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  5. MS13-074 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)

    Access Memory Corruption Vulnerability (CVE-2013-3155) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Access parses content in Access files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Access Memory Corruption Vulnerability (CVE-2013-3156) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Access parses content in Access files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Access Memory Corruption Vulnerability (CVE-2013-3157) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Access parses content in Access files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  6. MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)

    Microsoft Office Memory Corruption Vulnerability (CVE-2013-1315) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel parses content in Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Office Memory Corruption Vulnerability (CVE-2013-3158) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel parses content in Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    XML External Entities Resolution Vulnerability (CVE-2013-3159) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Excel parses specially crafted XML files containing external entities.

  7. MS13-071 Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)

    Windows Theme File Remote Code Execution Vulnerability (CVE-2013-0810) MS Rating: Important

    A remote code execution vulnerability exists in the way Windows handles certain specially crafted Windows theme files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to apply a specially crafted Windows theme. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  8. MS13-077 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)

    Service Control Manager Double Free Vulnerability (CVE-2013-3862) MS Rating: Important

    A vulnerability exists in the way that the Windows Service Control Manager (SCM) handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  9. MS13-070 Vulnerability in OLE Could Allow Remote Code Execution (2876217)

    OLE Property Vulnerability (CVE-2013-3863) MS Rating: Important

    A vulnerability exists in OLE that could lead to remote code execution if a user opens a file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  10. MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure (2825621)

    XML Disclosure Vulnerability (CVE-2013-3137) MS Rating: Important

    An information disclosure vulnerability exists in FrontPage that could allow an attacker to disclose the contents of a file on a target system.

  11. MS13-075 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)

    Chinese IME Vulnerability (CVE-2013-3859) MS Rating: Important

    An elevation of privilege vulnerability exists in Office IME (Chinese) that could allow a low-privilege user to elevate their privileges.

  12. MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)

    Win32k Multiple Fetch Vulnerability (CVE-2013-1341) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Multiple Fetch Vulnerability (CVE-2013-1342) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Multiple Fetch Vulnerability (CVE-2013-1343) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Multiple Fetch Vulnerability (CVE-2013-1344) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Multiple Fetch Vulnerability (CVE-2013-3864) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Multiple Fetch Vulnerability (CVE-2013-3865) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Elevation of Privilege Vulnerability (CVE-2013-3866) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

  13. MS13-079 Vulnerability in Active Directory Could Allow Denial of Service (2853587)

    Remote Anonymous DoS Vulnerability (CVE-2013-3868) MS Rating: Important

    A denial of service vulnerability exists in implementations of Active Directory that could cause the service to stop responding until an administrator restarts the service. The vulnerability is caused when the LDAP service fails to handle a specially crafted query.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.