Microsoft Patch Tuesday – December 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Dec

The following is a breakdown of the issues being addressed this month:

  1. MS13-102 Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2898715)

    LPC Server Buffer Overrun Vulnerability (CVE-2013-3878) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Local Procedure Call (LPC) where an attacker uses a specially crafted LPC port message to cause a stack-based buffer overflow condition on either the LPC client or server.

  2. MS13-097 Cumulative Security Update for Internet Explorer (2898785)

    Internet Explorer Security Feature Bypass Vulnerability (CVE-2013-5045) MS Rating: Important

    An elevation of privilege vulnerability exists within Internet Explorer, which bypasses Internet Explorer Enhanced Protected Mode restrictions during the validation of a local file installation and during the secure creation of registry keys.

    Internet Explorer Security Feature Bypass Vulnerability (CVE-2013-5046) MS Rating: Important

    An elevation of privilege vulnerability exists within Internet Explorer, which bypasses Internet Explorer Enhanced Protected Mode restrictions during the validation of a local file installation and during the secure creation of registry keys.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-5047) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-5048) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-5049) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-5051) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2013-5052) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  3. MS13-100 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)

    SharePoint Page Content Vulnerabilities (CVE-2013-5059) MS Rating: Important

    Remote code execution vulnerabilities exist in Microsoft SharePoint Server. An authenticated attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account.

  4. MS13-104 Vulnerability in a Microsoft Office Could Allow Information Disclosure (2909976)

    Token Hijacking Vulnerability (CVE-2013-5054) MS Rating: Important

    An information disclosure vulnerability exists when the affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on the malicious website. An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.

  5. MS13-096 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)

    Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2013-3906) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the affected Windows components and other affected software handle specially crafted TIFF files. The vulnerability could allow a remote code execution if a user views TIFF files in shared content.

  6. MS13-101 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)

    Win32k Integer Overflow Vulnerability (CVE-2013-3899) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Win32k.sys kernel-mode driver validates address values in memory.

    Win32k Use After Free Vulnerability (CVE-2013-3902) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly handles objects in memory.

    TrueType Font Parsing Vulnerability (CVE-2013-3903) MS Rating: Important

    A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specially crafted TrueType font file.

    Port-Class Driver Double Fetch Vulnerability (CVE-2013-3907) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows audio port-class driver (portcls.sys) handles objects in memory.

    Win32k Integer Overflow Vulnerability (CVE-2013-5058) MS Rating: Important

    A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory.

  7. MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)

    Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library (CVE-2013-5056) MS Rating: Critical

    A remote code execution vulnerability in the Microsoft Scripting Runtime Object Library that occurs due to a memory-corruption error when handling an object in memory.

  8. MS13-106 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)

    HXDS ASLR Vulnerability (CVE-2013-5057) MS Rating: Important

    A security feature bypass exists in an Office shared component that does not properly implement Address Space Layout Randomization (ASLR).

  9. MS13-103 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)

    SignalR XSS Vulnerability (CVE-2013-5042) MS Rating: Important

    An elevation of privilege vulnerability exists in ASP.NET SignalR that could allow an attacker access to resources in the context of the targeted user.

  10. MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)

    WinVerifyTrust Signature Validation Vulnerability (CVE-2013-3900) MS Rating: Important

    A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles the Windows Authenticode signature verification for portable executable (PE) files.

  11. MS13-105 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)

    MAC Disabled Vulnerability (CVE-2013-1330) MS Rating: Critical

    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Outlook Web Access (OWA) service account.

    OWA XSS Vulnerability (CVE-2013-5072) MS Rating: Critical

    An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the Outlook Web Access (OWA) service account.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5763) MS Rating: Critical

    Remote code execution vulnerabilities exist in Exchange Server 2007, Exchange Server 2010, and Exchange Server 2013 through the WebReady Document Viewing feature. The vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5791) MS Rating: Critical

    Remote code execution vulnerabilities exist in Exchange Server 2007, Exchange Server 2010, and Exchange Server 2013 through the WebReady Document Viewing feature. The vulnerabilities could allow a remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.