Beyondtrust

BeyondTrust Patch Tuesday

August 13, 2013

Microsoft Patch Tuesday

This month, Microsoft released eight patches that repair a total of 23 vulnerabilities. Of these vulnerabilities, there were 12 remote code execution vulnerabilities, five elevation of privilege vulnerabilities, three denial of service vulnerabilities, two information disclosure vulnerabilities, and one security feature bypass vulnerability.

Administrators are advised to patch MS13-059 and MS13-060 immediately to prevent exploitation by attackers. Next, administrators should patch MS13-061, MS13-062, MS13-063, MS13-064, MS13-065, and MS13-066 as soon as possible.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: BeyondTrust Research Team
  • Date/Time: Wednesday, August 14, 2013, 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS13-059

Cumulative Security Update for Internet Explorer (2862772)


Microsoft Rating: Critical

CVE List: CVE-2013-3184, CVE-2013-3186, CVE-2013-3187, CVE-2013-3188, CVE-2013-3189, CVE-2013-3190, CVE-2013-3191, CVE-2013-3192, CVE-2013-3193, CVE-2013-3194, and CVE-2013-3199

Analysis:

This bulletin addresses 11 privately reported vulnerabilities in Internet Explorer, composed of nine memory corruption vulnerabilities, an information disclosure vulnerability, and an elevation of privilege vulnerability. The patch fixes how Internet Explorer handles process integrity level assignment, how certain character sequences are processed, and how in-memory objects are handled. An attacker that successfully exploited one of the memory corruption vulnerabilities would gain user level access to the target machine.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones. There is no mitigation for the elevation of privilege vulnerability, CVE-2013-3186.
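The following PowerShell audit is an added example, not part of the BeyondTrust advisory: it reports whether the interim workaround above (ActiveX and Active Scripting disabled in the Internet and Local intranet zones) is actually in place for the current user. The zone numbers (1, 3) and URL action value names (1200, 1400) are the standard Internet Explorer registry identifiers and do not come from the advisory; reporting the first location that defines a value is a simplifying assumption about policy precedence.

```powershell
# Added example: audit the MS13-059 interim workaround for the current user.
# Zone 1 = Local intranet, zone 3 = Internet (standard IE zone numbers).
$zoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
# Standard IE URL action value names under each zone key.
$actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'
                '1400' = 'Active scripting' }
# DWORD meanings for these URL actions.
$states    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Assumption: machine policy, then user policy, then user preference;
# the first location that defines the value is the one reported.
$roots  = 'HKLM:\Software\Policies', 'HKCU:\Software\Policies', 'HKCU:\Software'

$report = foreach ($zone in 1, 3) {
    foreach ($id in '1200', '1400') {
        $value  = $null
        $source = 'not set'
        foreach ($root in $roots) {
            $key  = Join-Path $root "$suffix\$zone"
            $item = Get-ItemProperty -Path $key -Name $id -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value  = $item.$id
                $source = $root
                break
            }
        }

        if ($null -eq $value) {
            $state = 'Unknown'
        } elseif ($states.ContainsKey([int]$value)) {
            $state = $states[[int]$value]
        } else {
            $state = "Other ($value)"   # e.g. administrator-approved ActiveX
        }

        [pscustomobject]@{
            Zone      = $zoneNames[$zone]
            Setting   = $actions[$id]
            State     = $state
            Source    = $source
            # Only an explicit "Disabled" matches the advisory's block/disable advice.
            Mitigated = ($state -eq 'Disabled')
        }
    }
}

$report | Format-Table -AutoSize
```

Rows with `Mitigated` set to `False` identify the zone and setting that still need the workaround; none of this addresses CVE-2013-3186, for which the advisory lists no mitigation.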

 

MS13-060

Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)


Microsoft Rating: Critical

CVE: CVE-2013-3181

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in the Unicode Scripts Processor. The patch fixes a memory corruption vulnerability that occurs when processing specific font types. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, use CACLS to restrict access to usp10.dll and disable Internet Explorer's ability to parse embedded fonts. Note: using CACLS to restrict access to usp10.dll may cause Firefox to not load.

 

MS13-061

Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)


Microsoft Rating: Critical

CVE List: CVE-2013-2393, CVE-2013-3776, and CVE-2013-3781

Analysis:

This bulletin addresses three publicly disclosed vulnerabilities in Microsoft Exchange: two remote code execution vulnerabilities and a denial of service vulnerability. The patch fixes the Oracle Outside In libraries that are used by Exchange within the WebReady Document Viewing feature. An attacker that successfully exploited one of the remote code execution vulnerabilities would gain the ability to execute arbitrary code in the context of LocalService on the affected Exchange Server.

 

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, disable the Data Loss Prevention feature and the WebReady document view.

 

MS13-062

Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)


Microsoft Rating: Important

CVE: CVE-2013-3175

Analysis:

This bulletin addresses a privately reported elevation of privilege vulnerability in remote procedure calls in Windows. The patch fixes a failure to properly handle asynchronous RPC requests. An attacker that successfully exploited this vulnerability would gain the ability to execute code as another user.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

MS13-063

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)


Microsoft Rating: Important

CVE List: CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, and CVE-2013-3198

Analysis:

This bulletin addresses one publicly reported security feature bypass vulnerability and three privately reported elevation of privilege vulnerabilities in the Windows kernel. The patch fixes the Windows address space layout randomization (ASLR) implementation and how objects are handled in-memory in the kernel. A local attacker that successfully exploited one of the memory corruption vulnerabilities would gain kernel level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available for the ASLR bypass vulnerability. To mitigate against the memory corruption vulnerabilities, use group policy to disable the NTVDM subsystem.

 

MS13-064

Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)


Microsoft Rating: Important

CVE: CVE-2013-3182

Analysis:

This bulletin addresses a privately reported denial of service vulnerability in the Windows NAT driver. The patch fixes how the NAT driver handles ICMP packets. An attacker that successfully exploited this vulnerability would be able to cause the system to stop responding until it is restarted.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

MS13-065

Vulnerability in ICMPv6 could allow Denial of Service (2868623)


Microsoft Rating: Important

CVE: CVE-2013-3183

Analysis:

This bulletin addresses a privately reported denial of service vulnerability in the ICMPv6 implementation on Windows. The patch fixes how the system allocates memory during the processing of certain ICMPv6 packets. An attacker that successfully exploited this vulnerability would be able to cause the system to stop responding until it is restarted.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

MS13-066

Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)


Microsoft Rating: Important

CVE: CVE-2013-3185

Analysis:

This bulletin addresses a privately reported information disclosure vulnerability in Active Directory Federation Services (AD FS). The patch fixes an unintentional disclosure of account information through an open endpoint. An attacker that successfully exploited this vulnerability would gain access to account information.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.