Hello Everyone,


With the new year just around the corner, Microsoft hasreleased its final monthly allotment of patches for the year. This PatchTuesday, Microsoft released 11 patches addressing 24 individual vulnerabilities.


One important note is that the November 27thMicrosoft Security Advisory (2896666) CVE-2013-5065 (http://technet.microsoft.com/en-us/security/advisory/2914486)is not included in this Patch Tuesday. This vulnerability is in the NDPROXY.SYSkernel driver and on Windows XP and Server 2003 systems only. It co-ordinatesthe operation of Microsoft's Telephony API (TAPI) allowing the adversary toelevate of privilege (EoP) of the current logged on user. While this exploitcannot be executed remotely, it has reportedly been used in combination withother exploits. For more information about this threat, please check out thisblog by our team at McAfee Labs https://blogs.mcafee.com/tag/cve-2013-5065.


Continuing with today’s eleven releases, five are identifiedby Microsoft as “critical”.  The remainingpatches are labeled “important” by Microsoft. This month’s patches are as follows:

  • MS13-096 Vulnerability in Microsoft GraphicsComponent Could Allow Remote Code Execution (2908005)
  • MS13-097 Cumulative Security Update for InternetExplorer (2898785)
  • MS13-098 Vulnerability in Windows Could AllowRemote Code Execution (2893294)
  • MS13-099 Vulnerability in Microsoft ScriptingRuntime Object Library Could Allow Remote Code Execution (2909158)
  • MS13-105 Vulnerabilities in Microsoft ExchangeServer Could Allow Remote Code Execution (2915705)
  • MS13-100 Vulnerabilities in Microsoft SharePointServer Could Allow Remote Code Execution (2904244)
  • MS13-101 Vulnerabilities in Windows Kernel-ModeDrivers Could Allow Elevation of Privilege (2880430)
  • MS13-102 Vulnerability in LRPC Client CouldAllow Elevation of Privilege (2898715)
  • MS13-104 Vulnerability in Microsoft Office CouldAllow Information Disclosure (2909976)
  • MS13-103 Vulnerability in ASP.NET SignalR CouldAllow Elevation of Privilege (2905244)
  • MS13-106 Vulnerability in a Microsoft Office Shared Component Could AllowSecurity Feature Bypass (2905238)


Looking over the patches, I would like to highlight the followingthree critical updates:



My firsthighlighted patch was discussed last month as a Zero-Day exploit. This remotecode execution vulnerability specifically deals with how one of the MicrosoftGraphics components within Windows, Office, and Lync handles TIFF images.  The key to this attack is convincing a userto open an email message, a file, or a webpage containing the image, thus givingthe adversary the same rights as the current logged on user. For moreinformation about this threat, please see http://blogs.mcafee.com/business/updates-and-mitigation-to-cve-2013-3906-zero-da y-threat. This patch should be the top priority ofyour patching cycle this month if you have these versions of Windows in yourenvironment.



The second updateI would like to highlight consists of patches for 7 critical remote execution vulnerabilitiesfound in all currently supported versions of Internet Explorer including thelatest, IE 11. As with most browser-based attacks, the trajectory for thisvulnerability would be through a malicious webpage or sent to the victim in aspear-phishing e-mail.   Though there noknown uses of these vulnerabilities, with the recent release of this patch itwill be only a short time before an adversary attempts an attack. This patchshould be the top priority of your patching cycle this month.



The third updateI would like to highlight consists of patches for vulnerabilities found in allversions of supported Windows from XP to 2012 server including the RT versionfor Windows for tablets. The security update fixes a vulnerability that couldallow remote code execution if a user views or opens a malicious webpage containinga particular VBscript. Once the webpage containing the VB Script is open, the attackerwill have the same access as the current logged on user. I would recommendpatching this as soon as possible.


Aggregate coverage (combining host and network-basedcountermeasure together) is 11 out of 24. McAfee Vulnerability manager has theability to scan and detect all 24 vulnerabilities.  

  • BOP ( Buffer Overflow Protection ww/ VSE)
  • DAT
  • HIPS
  • NSP
  • App Control
  • MVM
  • McAfee Web Gateway


Further research is being performed 24/7 by McAfee Labs andcoverage may improve as additional results come in.  As more details become available, you’ll findthem on the McAfee Threat Center.  Youmight also be interested in subscribing to McAfee Labs Security Advisories,where you can get real-time updates via email.

Finally, in case you’re interested, these briefings are archived onthe McAfee Community site and newlyarchived on the McAfee Community Site


Happy patching!