BeyondTrust

BeyondTrust Patch Tuesday

May 14, 2013

Microsoft Patch Tuesday

This month, Microsoft released 10 patches that repair a total of 33 vulnerabilities. Of these vulnerabilities, there were 24 remote code execution vulnerabilities, three elevation of privilege vulnerabilities, three information disclosure vulnerabilities, a denial of service vulnerability, a spoofing vulnerability, and an authentication bypass vulnerability.

Administrators are advised to patch MS13-037, MS13-038, and MS13-039 immediately to prevent exploitation by attackers. Next, administrators should patch MS13-040, MS13-041, MS13-042, MS13-043, MS13-044, MS13-045, and MS13-046 as soon as possible.

  • Web Event: https://www1.gotomeeting.com/register/179609688
  • Presenters: BeyondTrust Research Team
  • Date/Time: Wednesday, May 15, 2013 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS13-037

Cumulative Security Update for Internet Explorer (2829530)


Microsoft Rating:

Critical

CVE List:

CVE-2013-0811, CVE-2013-1297, CVE-2013-1306, CVE-2013-1307, CVE-2013-1308, CVE-2013-1309, CVE-2013-1310, CVE-2013-1311, CVE-2013-1312, CVE-2013-1313, and CVE-2013-2551

 

Analysis:

This bulletin addresses 11 privately reported vulnerabilities in Internet Explorer: 10 remote code execution vulnerabilities and an information disclosure vulnerability. The patch fixes multiple use-after-free vulnerabilities, as well as an issue that occurs when reading JSON files. An attacker that successfully exploited the remote code execution vulnerabilities would gain user-level access to the target machine.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.

 

MS13-038

Security Update for Internet Explorer (2847204)


Microsoft Rating:

Critical

CVE:

CVE-2013-1347

 

Analysis:

This bulletin addresses a publicly disclosed remote code execution vulnerability in Internet Explorer. The patch fixes a use-after-free vulnerability that occurs when rendering specially crafted content. An attacker that successfully exploited this vulnerability would gain user-level access to the target machine. This vulnerability has been exploited in the wild.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, apply the "CVE-2013-1347 MSHTML Shim Workaround" provided by Microsoft. Alternatively, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones.
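The zone-setting workaround recommended for MS13-037 and MS13-038 can be audited from the registry. The PowerShell below is an added example, not part of the BeyondTrust advisory or of Microsoft's guidance; it assumes the documented zone IDs (1 = Local intranet, 3 = Internet) and action IDs (1400 = Active Scripting, 1200 = Run ActiveX controls and plug-ins), reads only the three registry locations listed, and reports for the current user.

```powershell
# Added example: read-only audit of the IE zone workaround for the current user.
# Zone IDs, action IDs and state values are the documented URL security zone settings.
$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions = @{ '1400' = 'Active Scripting'; '1200' = 'Run ActiveX controls and plug-ins' }
$States  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Checked in this order; the first key that holds the value is reported.
# Simplification (assumption): Security_HKLM_only and similar switches are not evaluated.
$Roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ZoneActionSetting {
    param([int]$Zone, [string]$Action)
    foreach ($root in $Roots) {
        $key  = Join-Path $root "$Zone"
        $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Action; Source = $key }
        }
    }
    return $null   # value not set in any location we looked at
}

$report = foreach ($zone in ($Zones.Keys | Sort-Object)) {
    foreach ($action in ($Actions.Keys | Sort-Object)) {
        $s = Get-ZoneActionSetting -Zone $zone -Action $action
        $state = if ($null -eq $s) { 'Not set' }
                 elseif ($States.ContainsKey($s.Value)) { $States[$s.Value] }
                 else { 'Other (0x{0:X})' -f $s.Value }
        [pscustomobject]@{
            Zone      = $Zones[$zone]
            Setting   = $Actions[$action]
            State     = $state
            Mitigated = ($state -eq 'Disabled')   # 'Prompt' is reported but not counted
            Source    = if ($s) { $s.Source } else { '-' }
        }
    }
}

$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Mitigated }) {
    Write-Warning 'Zone workaround is not fully applied for this user; install the patch or tighten the zone settings.'
}
```

The script changes nothing; a row marked as not mitigated means that zone still runs script or ActiveX content until the update is installed.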

 

MS13-039

Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)


Microsoft Rating:

Important

CVE:

CVE-2013-1305

 

Analysis:

This bulletin addresses a privately reported denial of service vulnerability in the HTTP.sys component of Windows Server 2012. The patch fixes an issue that occurs when parsing HTTP headers, which could cause the server to enter an infinite loop. An attacker that successfully exploited this vulnerability would be able to cause the target server to stop responding.

 

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block TCP ports 80 and 443 at the perimeter firewall and disable the IIS service if it is no longer necessary.

 

MS13-040

Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)


Microsoft Rating:

Important

CVE List:

CVE-2013-1336 and CVE-2013-1337

 

Analysis:

This bulletin addresses two privately reported vulnerabilities in the .NET framework: a spoofing vulnerability and an authentication bypass vulnerability. The patch fixes how digital signatures are validated for XML files, and fixes how .NET creates policy requirements for authentication. An attacker that successfully exploited the XML signature spoofing vulnerability would be able to modify the contents of an XML file without causing the signature of the XML file to become invalidated.

 

Recommendation:

Deploy patches as soon as possible; no reasonable mitigation is available.

 

MS13-041

Vulnerability in Lync Could Allow Remote Code Execution (2834695)


Microsoft Rating:

Important

CVE:

CVE-2013-1302

 

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Lync. The patch fixes a use-after-free vulnerability that occurs when accessing an in-memory object that has already been freed. An attacker that successfully exploited this vulnerability would gain user-level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

MS13-042

Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)


Microsoft Rating:

Important

CVE List:

CVE-2013-1316, CVE-2013-1317, CVE-2013-1318, CVE-2013-1319, CVE-2013-1320, CVE-2013-1321, CVE-2013-1322, CVE-2013-1323, CVE-2013-1327, CVE-2013-1328, and CVE-2013-1329

 

Analysis:

This bulletin addresses 11 privately reported remote code execution vulnerabilities in Publisher. The patch fixes various memory corruption vulnerabilities that occur when parsing specially crafted Publisher documents. An attacker that successfully exploited any of these vulnerabilities would gain user-level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible; no reasonable mitigation is available.

 

MS13-043

Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)


Microsoft Rating:

Important

CVE:

CVE-2013-1335

 

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Word. The patch fixes a memory corruption vulnerability that occurs when parsing shape data in specially crafted Office files. An attacker that successfully exploited this vulnerability would gain user-level access to the target machine.

 

Recommendation:

Deploy patches as soon as possible; no reasonable mitigation is available.

 

MS13-044

Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)


Microsoft Rating:

Important

CVE:

CVE-2013-1301

 

Analysis:

This bulletin addresses a privately reported information disclosure vulnerability in Visio. The patch fixes the way that Visio handles XML external entities that are resolved in other XML external entity declarations, which can occur when parsing specially crafted XML files. An attacker that successfully exploited this vulnerability would be able to read arbitrary data from files on the affected system.

 

Recommendation:

Deploy patches as soon as possible; no reasonable mitigation is available.

 

MS13-045

Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)


Microsoft Rating:

Important

CVE:

CVE-2013-0096

 

Analysis:

This bulletin addresses a privately reported information disclosure vulnerability in Windows Essentials. The patch fixes the way that Windows Writer handles certain URL parameters. An attacker that successfully exploited this vulnerability would be able to override Windows Writer proxy settings, as well as overwrite files on the system accessible to the current user.

 

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, install the Microsoft Fix it solution, "Disable the Windows Writer".

 

MS13-046

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)


Microsoft Rating:

Important

CVE List:

CVE-2013-1332, CVE-2013-1333, and CVE-2013-1334

 

Analysis:

This bulletin addresses three privately reported elevation of privilege vulnerabilities in Windows kernel-mode drivers. The patch fixes a double fetch vulnerability, a buffer overflow vulnerability, and a window handle vulnerability. A local attacker that successfully exploited the window handle vulnerability would be able to execute code in an elevated context.

 

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

 

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.