Microsoft released another set of updates, August 2013
Microsoft announced the release of a series of updates aimed at eliminating vulnerabilities in their products. Reported earlier in the pre-release (August 8), security fixes cover more than 20 unique vulnerabilities (3 fixes with the Critical status and 5 with the Important status). A detailed report (including correlation fixes with CVE ID) can be found here . One of the MS13-059 updates is aimed at fixing eleven Critical vulnerabilities in Internet Explorer (starting with version 6 and ending with the latest IE 10 for all Windows XP - 8 - RT, x32 and x64, OS versions of the server as Moderate). Vulnerabilities are of type Remote Code Execution and can be used to stealthily install malicious code (drive-by). A reboot is required to apply the patch.
Update MS13-063 fixes vulnerabilities for CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198 of type Elevation of Privelege in 32-bit Windows XP, Windows Server 2003, Windows 8 and all versions Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2. CVE-2013-2556 is present in the Address Space Layout Randomization (ASLR) implementation code. The vulnerability allows an attacker to bypass the ASLR capabilities and pre-calculate the desired component load address in memory. That is, this feature could potentially be part of an exploit that exploits another vulnerability such as Remote Code Execution for remote code execution. The other three vulnerabilities are present in the kernel code and are related to the use of memory corruption in the NT Virtual DOS Machine (NTVDM) to run its code in kernel mode. These vulnerabilities were discovered by VUPEN rewriters as part of Pwn2Own 2013 .
')
Critical update MS13-061 fixes three RCE vulnerabilities (CVE-2013-2393, CVE-2013-3776, CVE-2013-3781) in Microsoft Exchange Server 2007, 2010 and 2013. Vulnerabilities can be used by attackers through a specially crafted file when viewing it through the interface in the Outlook Web Access browser. In this case, the attacker can run arbitrary code on the Exchange Server.
Update MS13-062 fixes the CVE-2013-3175 Elevation of Privelege vulnerability , which is present in all versions of Windows XP - 8 - RT, x32 and x64 in the Remote Procedure Call (RPC). The attacker can take advantage of the error when processing the OS asynchronous RPC requests and increase their privileges. Exploit code likely .
Another Critical update MS13-060 fixes vulnerabilities in outdated Windows XP and Windows Server 2003 (Unicode Scripts Processor). Vulnerability could lead to remote execution of arbitrary code in the system (RCE).
Update MS13-064 eliminates the CVE-2013-3182 type Denial of Service vulnerability that is present in the NAT driver (Windows Server 2012) responsible for IP address translation. A specially formed ICMP packet may trigger memory-corruption, which will cause the server to hang up before rebooting. Exploit code unlikely.
The MS13-065 updating eliminates the CVE-2013-3183 Denial of Service vulnerability in the implementation of the ICMPv6 protocol for Windows Vista +. Through a specially crafted network packet, an attacker could cause the system to freeze before rebooting. Exploit code unlikely .
Update MS13-066 fixes an Information Disclosure type CVE-2013-3185 vulnerability in Active Directory Federation Services for Windows Server 2008, Server 2012. An attacker can use this vulnerability to obtain user account information that will allow him to log in remotely. Exploit code unlikely .
1 - Exploit code likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploit code would be difficult to build
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Update MS13-063 fixes vulnerabilities for CVE-2013-2556, CVE-2013-3196, CVE-2013-3197, CVE-2013-3198 of type Elevation of Privelege in 32-bit Windows XP, Windows Server 2003, Windows 8 and all versions Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2. CVE-2013-2556 is present in the Address Space Layout Randomization (ASLR) implementation code. The vulnerability allows an attacker to bypass the ASLR capabilities and pre-calculate the desired component load address in memory. That is, this feature could potentially be part of an exploit that exploits another vulnerability such as Remote Code Execution for remote code execution. The other three vulnerabilities are present in the kernel code and are related to the use of memory corruption in the NT Virtual DOS Machine (NTVDM) to run its code in kernel mode. These vulnerabilities were discovered by VUPEN rewriters as part of Pwn2Own 2013 .
')
Critical update MS13-061 fixes three RCE vulnerabilities (CVE-2013-2393, CVE-2013-3776, CVE-2013-3781) in Microsoft Exchange Server 2007, 2010 and 2013. Vulnerabilities can be used by attackers through a specially crafted file when viewing it through the interface in the Outlook Web Access browser. In this case, the attacker can run arbitrary code on the Exchange Server.
Update MS13-062 fixes the CVE-2013-3175 Elevation of Privelege vulnerability , which is present in all versions of Windows XP - 8 - RT, x32 and x64 in the Remote Procedure Call (RPC). The attacker can take advantage of the error when processing the OS asynchronous RPC requests and increase their privileges. Exploit code likely .
Another Critical update MS13-060 fixes vulnerabilities in outdated Windows XP and Windows Server 2003 (Unicode Scripts Processor). Vulnerability could lead to remote execution of arbitrary code in the system (RCE).
Update MS13-064 eliminates the CVE-2013-3182 type Denial of Service vulnerability that is present in the NAT driver (Windows Server 2012) responsible for IP address translation. A specially formed ICMP packet may trigger memory-corruption, which will cause the server to hang up before rebooting. Exploit code unlikely.
The MS13-065 updating eliminates the CVE-2013-3183 Denial of Service vulnerability in the implementation of the ICMPv6 protocol for Windows Vista +. Through a specially crafted network packet, an attacker could cause the system to freeze before rebooting. Exploit code unlikely .
Update MS13-066 fixes an Information Disclosure type CVE-2013-3185 vulnerability in Active Directory Federation Services for Windows Server 2008, Server 2012. An attacker can use this vulnerability to obtain user account information that will allow him to log in remotely. Exploit code unlikely .
1 - Exploit code likely
The probability of exploiting the vulnerability is very high, attackers can use an exploit, for example, for remote code execution.
2 - Exploit code would be difficult to build
The exploitation probability is average, since attackers are unlikely to be able to achieve a situation of sustainable exploitation, as well as due to the technical peculiarities of vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely
The exploitation probability is minimal and attackers are unlikely to be able to develop successfully working code and take advantage of this vulnerability to conduct an attack.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Source: https://habr.com/ru/post/189578/
All Articles