NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

September 2013 Patch Tuesday

September 10, 2013

  • Blog
  • Archive
September's Patch Tuesday fixes vulnerabilities in SharePoint, Outlook, Word, Excel, Kernel drivers, and more. There are a total of 13 patches, fixing 47 unique CVEs; four bulletins are rated critical and nine bulletins are rated important. MS13-067 addresses ten vulnerabilities in SharePoint server, including versions 2003, 2007, 2010, and 2013, along with Office Web Apps 2010. The patch addresses multiple elevation of privilege vulnerabilities that could allow an attacker to execute code in the context of another SharePoint user. It also fixes multiple remote code execution vulnerabilities; many deal with memory corruptions having to do with processing Word documents. The patch also addresses a denial of service vulnerability. It should be noted that one of the elevation of privilege vulnerabilities, CVE-2013-3180, has been publicly disclosed, and is therefore going gain more attention by attackers. As the Snowden leaks have showed us, it is important to keep information stored on things like SharePoint as secure as possible. Therefore, make sure to get this patch rolled out as soon as possible. MS13-068 fixes a critical privately reported vulnerability in Outlook, which could be used to execute arbitrary code in the context of the current user. It affects Outlook 2007 and 2010. Attackers can exploit this by crafting malicious S/MIME messages and sending them to target users. When the user opens the malicious message, the vulnerability will be exploited, causing the user's system to be compromised and the attacker's code to run in the context of the current user. Because of this attack vector, it is very important that this patch be rolled out as soon as possible. MS13-069 addresses ten memory corruption vulnerabilities in Internet Explorer. While every supported version is affected, no single CVE affects every version of Internet Explorer. This is different than recent months where at least one CVE affected every supported version of Internet Explorer. Any of these vulnerabilities can be used in drive-by exploits that would result in the attacker's code being executed in the context of the current user. This patch should be deployed as soon as possible. A couple of non-Office client-side pieces of user land software were patched this month. MS13-070 fixes a privately disclosed vulnerability in Object Linking and Embedding (OLE), which is often used to embed multimedia content in documents. Additionally, MS13-071 addresses a vulnerability dealing with themes in Windows. Exploitation of this vulnerability would only be possible if a user applied a malicious theme. In the case of both of these bulletins, successful exploitation of the vulnerabilities would result in remote code being executed on the user's system in the context of the current user's account. A number of Office products were fixed this month, including Word, Excel, and Access. MS13-072 patches 13 vulnerabilities in Office Word, in versions 2003, 2007, and 2010. Office 2013 was not affected by these vulnerabilities. MS13-073 addresses three vulnerabilities in Excel, spanning versions 2003, 2007, 2010, and 2013, as well as Office for Mac 2011. MS13-074 fixes three vulnerabilities in Access, affecting versions 2007, 2010, and 2013. All of these bulletins fix remote code execution vulnerabilities, as well as some other types of vulnerabilities. It should be noted that some of the vulnerabilities addressed in MS13-072 and MS13-073 were also addressed in MS13-067. A few privilege elevation vulnerabilities, which could lead to system privileges, were fixed this month. MS13-075 addresses an issue with the Office 2010 Pinyin Input Method Editor (IME), which permits an attacker to launch Internet Explorer from the IME toolbar with system-level privileges, rather than the normal user-level privileges. MS13-076 fixes seven vulnerabilities in Windows kernel-mode drivers, affecting every supported version of Windows, with the exception of Windows 8.1, RT 8.1, and Server 2012 R2. MS13-077 patches a vulnerability in the Service Control Manager for Windows 7 and Server 2008 that can be exploited by attackers that modify the system's registry. All of these bulletins require that an attacker be able to locally execute code on a system, meaning that unauthenticated exploitation is not possible. Attackers would likely combine this exploit with another exploit that targeted user land client-side software, such as one of the Office vulnerabilities patched this month. Finishing off the patch cycle this month are the last couple of bulletins. MS13-078 fixes an information disclosure vulnerability in Microsoft FrontPage 2003. To exploit this, attackers would convince users to view a malicious FrontPage document, which would disclose local file contents to the attacker. Lastly, MS13-079 addresses a vulnerability in Active Directory, which could allow an attacker to cause a denial of service condition to occur on vulnerable systems by sending a malicious LDAP query. This could be used by attackers to cause a distraction while performing attacks on other systems throughout the network. Be sure to patch SharePoint (MS13-067), Outlook (MS13-068), and Internet Explorer (MS13-069) as soon as possible, followed by the rest of the patches. Also, be sure to join us for the Vulnerability Expert Forum tomorrow, Wednesday, September 11 at 1pm PT, where we cover these patches, as well as other security news. Sign up here. >> Hey September VEF Attendees! Answer the question below and have a chance at winning an iPad Mini! Winner will be selected next week. "What's your best strategy (how-to) for managing and patching vulnerabilities in Microsoft products like SharePoint server and Office products?" >> VEF News Articles CxO: Internet has vuln. Forget Passwords: Nymi Knows You By Your Heartbeat IT Admin: What NSA snoops like about the iPhone Researcher: Researchers outwit Apple, plant malware in the App Store >> VEF Questions & Comments Haralambos mentioned that KB2817630 was pulled by Microsoft for an incompatibility with Outlook 2013. If your folder pane is blank in Outlook 2013, uninstall the update. Thanks Haralambos! Jeffrey asked if Windows Theme files would be a good attack vector for bypassing anti-virus. Our take on this is that unless you have specifically told your AV engine to not scan theme files, the AV scan engine will scan the theme file while when it is downloaded and when it is accessed. If a malicious theme file is found in the wild or submitted to an antivirus company, a signature will be created and whatever AV solutions that have the signature will detect exploit attempts, provided the signature is effective. Thank you to everyone that attended this month's VEF. We appreciate all the questions and comments. If there was a question you asked that we did not answer on the VEF, or did not mention in this blog post, please contact us directly research@BeyondTrust.com.
Photograph of Scott Lang

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.