Microsoft Patch Tuesday – October 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 26 vulnerabilities. Sixteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Oct

The following is a breakdown of the issues being addressed this month:

  1. MS13-087 Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

    Silverlight Vulnerability (CVE-2013-3896) MS Rating: Important

    An information disclosure vulnerability exists in how Silverlight handles certain objects in memory.

  2. MS13-080 Cumulative Security Update for Internet Explorer (2879017)

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3872) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3873) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3874) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3875) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3882) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3885) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3886) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-3897) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS13-082 Vulnerabilities in .Net Framework Could Allow Remote Code Execution (2878890)

    OpenType Font Parsing Vulnerability (CVE-2013-3128) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Windows parses specially crafted OpenType fonts (OTF). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    Entity Expansion Vulnerability (CVE-2013-3860) MS Rating: Critical

    A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive.

    JSON Parsing Vulnerability (CVE-2013-3861) MS Rating: Critical

    A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive.

  4. MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

    Microsoft Excel Memory Corruption Vulnerability (CVE-2013-3890) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel parses content in Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Excel Memory Corruption Vulnerability (CVE-2013-3889) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Excel parses content in Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  5. MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

    Memory Corruption Vulnerability (CVE-2013-3892) MS Rating: Important

    A remote code execution vulnerability exists in the way that the affected Microsoft Word software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Memory Corruption Vulnerability (CVE-2013-3891) MS Rating: Important

    A remote code execution vulnerability exists in the way that the affected Microsoft Word software parses specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

  6. MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

    Microsoft Excel Memory Corruption Vulnerability (CVE-2013-3889) MS Rating: Important

    A remote code execution vulnerability exists in the way that the affected Microsoft Office Services and Web Apps parse content in specially crafted files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Parameter Injection Vulnerability (CVE-2013-3895) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks and run script in the security context of the logged-on user.

  7. MS13-083 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)

    Comctl32 Integer Overflow Vulnerability (CVE-2013-3195) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows common control library handles allocating memory for data structures. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system.

  8. MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

    OpenType Font Parsing Vulnerability (CVE-2013-3128) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Windows parses specially crafted OpenType fonts (OTF). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    Windows USB Descriptor Vulnerability (CVE-2013-3200) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    Win32k Use After Free Vulnerability (CVE-2013-3879) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    App Container Elevation of Privilege Vulnerability (CVE-2013-3880) MS Rating: Important

    An elevation of privilege vulnerability exists in the Windows App Container.

    Win32k NULL Page Vulnerability (CVE-2013-3881) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    DirectX Graphics Kernel Subsystem Double Fetch Vulnerability (CVE-2013-3888) MS Rating: Important

    An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

    TrueType Font CMAP Table Vulnerability (CVE-2013-3894) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Windows parses specially crafted TrueType fonts (TTF). An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.