Microsoft Patch Tuesday – July 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 36 vulnerabilities. 24 of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the July releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jul

The following is a breakdown of the issues being addressed this month:

  1. MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

    TrueType Font Parsing Vulnerability (CVE-2013-3129) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected components handle specially crafted TrueType font files. The vulnerability could allow a remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

    Array Access Violation Vulnerability (CVE-2013-3131) MS Rating: Critical

    A remote code execution vulnerability exists in the way the .NET Framework handles multidimensional arrays of small structures.

    Delegate Reflection Bypass Vulnerability (CVE-2013-3132) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework validates the permissions of certain objects performing reflection. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    Anonymous Method Injection Vulnerability (CVE-2013-3133) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework validates permissions for objects involved with reflection.

    Array Allocation Vulnerability (CVE-2013-3134) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the .NET Framework allocates arrays of small structures.

    Delegate Serialization Vulnerability (CVE-2013-3171) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework validates permissions for delegate objects during serialization.

    Null Pointer Vulnerability (CVE-2013-3178) MS Rating: Important

    A remote code execution vulnerability exists in the way Silverlight handles a null pointer.

  2. MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

    Win32k Memory Allocation Vulnerability (CVE-2013-1300) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Win32k Dereference Vulnerability (CVE-2013-1340) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Win32k Vulnerability (CVE-2013-1345) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    TrueType Font Parsing Vulnerability (CVE-2013-3129) MS Rating: Critical

    A remote code execution vulnerability exists in the way that affected components handle specially crafted TrueType font files. The vulnerability could allow a remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

    Win32k Use After Free Vulnerability (CVE-2013-3167) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Win32k Buffer Overflow Vulnerability (CVE-2013-3172) MS Rating: Moderate

    A denial of service vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Win32k Buffer Overwrite Vulnerability (CVE-2013-3173) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

    Win32k Read AV Vulnerability (CVE-2013-3660) MS Rating: Critical

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges.

  3. MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)

    TrueType Font Parsing Vulnerability (CVE-2013-3129) MS Rating: Critical

    A vulnerability exists in the way that affected Windows components and other affected software handle specially crafted TrueType font files. The vulnerability could allow a remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

  4. MS13-055 Cumulative Security Update for Internet Explorer (2846071)

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3115) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3143) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3144) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3145) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3146) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3147) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3148) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3149) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3150) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3151) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3152) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3153) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3161) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3162) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3163) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3164) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Shift JIS Character Encoding Vulnerability (CVE-2013-3166) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow an information disclosure if a user viewed the webpage. An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone.

  5. MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

    DirectShow Arbitrary Memory Overwrite Vulnerability (CVE-2013-3174) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft DirectShow parses GIF image files. This vulnerability could allow a remote code execution if a user opened a specially crafted GIF file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  6. MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)

    WMV Video Decoder Remote Code Execution Vulnerability (CVE-2013-3127) MS Rating: Critical

    A remote code execution vulnerability exists in the way Windows Media Format Runtime handles certain media files. This vulnerability could allow an attacker to execute arbitrary code if the attacker convinces a user to open a specially crafted media file. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  7. MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

    Microsoft Windows 7 Defender Improper Pathname Vulnerability (CVE-2013-3154) MS Rating: Important

    This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.