With the New Year just around the corner, Microsoft has released its final monthly allotment of patches for the year. This Patch Tuesday, Microsoft released 11 patches addressing 24 individual vulnerabilities.
One important note is that the vulnerability covered by the November 27 Microsoft Security Advisory (2896666), CVE-2013-5065, is not addressed in this Patch Tuesday. This vulnerability is in the NDPROXY.SYS kernel driver and affects Windows XP and Server 2003 systems only. The driver coordinates the operation of Microsoft’s Telephony API (TAPI), and the flaw allows an adversary to elevate the privileges (EoP) of the currently logged-on user. While this exploit cannot be executed remotely, it has reportedly been used in combination with other exploits. For more information about this threat, please check out our McAfee Labs blog post about the subject.
Continuing with today’s 11 releases, five are identified by Microsoft as “critical”. The remaining patches are labeled “important” by Microsoft. This month’s patches are as follows:
- MS13-096 Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005)
- MS13-097 Cumulative Security Update for Internet Explorer (2898785)
- MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- MS13-105 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- MS13-100 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- MS13-101 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- MS13-102 Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- MS13-104 Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- MS13-103 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- MS13-106 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)
Looking over the patches, I would like to highlight the following three critical updates:
My first highlighted patch was discussed last month as a zero-day exploit. This remote code execution vulnerability specifically deals with how one of the Microsoft Graphics components within Windows, Office, and Lync handles TIFF images. The key to this attack is convincing a user to open an email message, a file, or a webpage containing the image, thus giving the adversary the same rights as the currently logged-on user. For more detailed information, please see last month’s blog post about this threat. This patch should be the top priority of your patching cycle this month if you have these versions of Windows in your environment.
The second update I would like to highlight consists of patches for seven critical remote code execution vulnerabilities found in all currently supported versions of Internet Explorer, including the latest, IE 11. As with most browser-based attacks, the delivery path for these vulnerabilities would be a malicious webpage or a spear-phishing e-mail sent to the victim. Though there are no known uses of these vulnerabilities, with the recent release of this patch it will be only a short time before an adversary attempts an attack. This patch should be the top priority of your patching cycle this month.
The third update I would like to highlight consists of patches for vulnerabilities found in all supported versions of Windows, from XP to Server 2012, including the RT version of Windows for tablets. The security update fixes a vulnerability that could allow remote code execution if a user views or opens a malicious webpage containing a particular VBScript. Once the webpage containing the VBScript is open, the attacker will have the same access as the currently logged-on user. I would recommend patching this as soon as possible.
Aggregate coverage (combining host- and network-based countermeasures together) is 11 out of 24. McAfee Vulnerability Manager has the ability to scan and detect all 24 vulnerabilities.
- BOP (Buffer Overflow Protection w/ VSE)
- App Control
- McAfee Web Gateway
Further research is being performed 24/7 by McAfee Labs and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.
Finally, in case you’re interested, these briefings are archived for further reading.