Happy summer and welcome to our first Patch Tuesday of the season. While Scott is on holiday, I have been given the privilege of taking over his duties of writing an assessment of Microsoft’s patch releases for the month of June. Today Microsoft released 5 patches, addressing 23 individual vulnerabilities. Only one patch is identified by Microsoft as “critical”; it resolves 19 reported vulnerabilities in Internet Explorer. The remaining 4 patches are labeled by Microsoft as “important.”

This month’s patches are as follows:

  • MS13-047: Cumulative Security Update for Internet Explorer (2838727)
  • MS13-048: Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
  • MS13-049: Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
  • MS13-050: Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
  • MS13-051: Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)

 

Looking over the patches I would like to highlight the following two patches:

MS13-047: This is the bulk of the update, consisting of patches for 19 critical vulnerabilities found in Internet Explorer versions 6 through 10. Regardless of whether a device runs a desktop, server, or tablet version of the Windows OS, it will need to be patched. At this time, there is no known use of these vulnerabilities, but due to the scale of available Windows platforms they are likely to be exploited in the near term. This is undoubtedly the most important patch of the month with Microsoft listing.

MS13-051: While our second highlighted patch is only listed as an “important” update by Microsoft, I would argue that for environments with Office 2003 for Windows or Office 2011 for Mac, this should be looked at as a “critical” update. Although user interaction is required in this vulnerability, adversaries have proven time and again that getting a user to open a file is quite easy. According to Microsoft, this vulnerability has already been used in targeted attacks; the patch should be applied ASAP if you run the affected versions.

 

McAfee’s coverage for this month’s vulnerabilities is as follows:

  • McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 20 out of 23 vulnerabilities this month.
  • McAfee Host Intrusion Prevention is expected to provide protection against exploits of 20 out of 23 vulnerabilities this month.
  • McAfee Application Control is expected to provide protection against exploits of 20 out of 23 vulnerabilities this month.
  • McAfee's Network Security Platform has new signatures confirmed to protect against exploits of 12 out of 23 vulnerabilities this month.
  • McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.

Aggregate coverage (combining host- and network-based countermeasures) is 21 out of 23. Specifically, the most critical IE- and Office-related vulnerabilities are covered by the McAfee endpoint security software listed above. Additional research is being performed by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.

Finally, in case you’re interested, these briefings are archived on the McAfee Community site.

Happy Patching!

-Doug Neuman