As we start the fall season, Microsoft has released the largest group of patches so far for the year. This Patch Tuesday, Microsoft released 13 patches addressing 47 individual vulnerabilities. Of the thirteen patches released, four are identified by Microsoft as “critical”. The remaining patches are labeled “important” by Microsoft. This month’s patches are as follows:
- MS13-067- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
- MS13-068- Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
- MS13-069- Cumulative Security Update for Internet Explorer (2870699)
- MS13-070- Vulnerability in OLE Could Allow Remote Code Execution (2876217)
- MS13-071- Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
- MS13-072- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
- MS13-073- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
- MS13-074- Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
- MS13-075- Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
- MS13-076- Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
- MS13-077- Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
- MS13-078- Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
- MS13-079- Vulnerability in Active Directory Could Allow Denial of Service (2853587)
Looking over this list, I would like to highlight the following four critical patches:
MS13-069- This update consists of patches for 10 critical memory corruption vulnerabilities found in all currently supported versions of Internet Explorer. The security update fixes multiple remote code execution vulnerabilities that exist with Internet Explorer. As with most browser-based attacks, the trajectory for this vulnerability would be a malicious webpage or possibly a spear-phishing e-mail. Though there no known attacks, with the recent release of this patch it will be only a short time before an adversary uses this vulnerability. This patch should be the top priority of your patching cycle this month.
MS13-067- The second update I would like to highlight consists of patches for 10 critical vulnerabilities found in SharePoint 2003, 2007, 2010, and 2013, along with Office Web Apps 2010. The security update fixes multiple elevations of privilege vulnerabilities that could allow an attacker to execute code in the environment of another SharePoint user. In certain situations where the default authentication mechanism has been changed, an attacker may be able to take control of the server. Though there are no known attacks, this update resolves one publicly-disclosed vulnerability. With the recent release of this patch it will be only a short time before an adversary uses this vulnerability. This patch should be the second priority of your patching cycle this month.
MS13-068- The third highlighted patch is also listed as critical, but only for Outlook 2007 and 2010 email clients. This privately reported vulnerability can be used by an attacker to execute arbitrary code as the current logged in user. The exploit can be leveraged without a user’s interaction by creating a malicious S/MIME message to send the potential targeted victim. Once the email is open, the user’s system is compromised, allowing the attacker to run code as the user. This patch should be the top priority of your patching cycle this month if you have these versions of Outlook in your environment.
MS13-070- The final highlighted patch is a privately reported vulnerability in the OLE. This vulnerability could allow remote code execution if the user opens a file that contains an OLE object crafted to take advantage of this exploit. The most likely vector would be a Visio file, which can be viewed by the Explorer “Preview” functionality.
Aggregate coverage (combining host and network-based countermeasure together) is 36 out of 47. In particular, coverage for Three of the four most critical are completely covered: IE (MS13-069), OLE (MS13-070), and Outlook (MS13-068) related vulnerabilities are covered by the following McAfee endpoint security software and NSP (McAfee IPS):
- BOP ( Buffer Overflow Protection w/ VSE)
- App Control
Additional research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.
Finally, in case you’re interested, these briefings are archived on the McAfee Community site.