Microsoft announced the release of a series of updates aimed at eliminating vulnerabilities in their products.
The security fixes, previously announced in the pre-release notification (October 3), cover 27 unique vulnerabilities (4 fixes with Critical status and 4 with Important status). A detailed report (including the mapping of fixes to CVE IDs) can be found here.
MS13-080 closes the known Remote Code Execution 0day vulnerability [memory corruption / use-after-free] CVE-2013-3893 (ESET: Win32/Exploit.CVE-2013-3893.A, Symantec: Bloodhound.Exploit.513, Microsoft: Exploit:JS/ShellCode.BB), which was previously used in targeted attacks. The update fixes a total of ten Critical vulnerabilities in Internet Explorer (from version 6 through the latest IE11, on all Windows versions from XP through 8, 8.1 and RT 8.1, x32 and x64; rated Moderate on server versions of the OS). The attackers used an exploit for this vulnerability to covertly install malicious code (drive-by). This is the first public fix for the newest Internet Explorer 11 browser [as part of Patch Tuesday], which is used in the Windows 8.1 and RT 8.1 operating systems. A reboot is required to apply the patch.

The MS13-081 update (Critical / Important) fixes seven vulnerabilities in the OS kernel and user-mode components that are responsible for processing font files. An attacker can execute arbitrary code on the system through a specially crafted font file (OpenType Font, TrueType Font). All existing operating systems are vulnerable, from Windows XP through 8.1. The following components are patched: USB driver (CVE-2013-3200 - LPE), win32k.sys (CVE-2013-3879, CVE-2013-3881 - LPE), App Container (CVE-2013-3880 - LPE), the DirectX graphics kernel dxgkrnl.sys (CVE-2013-3888 - LPE), OS (CVE-2013-3128, CVE-2013-3894 - RCE).
Exploit code likely / Exploit code would be difficult to build.
The MS13-082 update (Critical / Important) fixes three vulnerabilities in all versions of the .NET Framework for all supported operating systems. An attacker can execute arbitrary code on the system through a specially crafted OpenType font file displayed in the browser (Remote Code Execution). For some versions of the .NET Framework, the vulnerabilities can be used to mount Denial of Service attacks. CVE-2013-3128 (RCE), CVE-2013-3860 (DoS), CVE-2013-3861 (DoS).
Exploit code would be difficult to build / Exploit code unlikely.
The MS13-083 update (Critical) fixes one RCE vulnerability, CVE-2013-3195, in the comctl32 library for all operating systems except 32-bit Windows XP SP3 and Windows 8.1, RT 8.1. An attacker can execute arbitrary code on the system through a specially crafted request to an ASP.NET web application.
Exploit code likely.
The MS13-084 update (Important) fixes one RCE vulnerability, CVE-2013-3889, and one EoP vulnerability, CVE-2013-3895, in the Microsoft Office server software (Microsoft SharePoint Server, Microsoft Office Services, Web Apps).
Exploit code likely.
The MS13-085 update (Important) fixes two RCE vulnerabilities (CVE-2013-3889, CVE-2013-3890) in all versions of Microsoft Excel (Microsoft Office 2007-2010-2013 RT and 2011 for Mac). Through a specially crafted Excel file, an attacker can trigger remote code execution on the system.
Exploit code likely.
The MS13-086 update (Important) fixes two RCE vulnerabilities (CVE-2013-3891, CVE-2013-3892) in Microsoft Word 2003, 2007. Through a specially crafted doc file, an attacker can trigger remote code execution on the system.
The MS13-087 update (Important) fixes one Information Disclosure vulnerability, CVE-2013-3896, in the Silverlight 5 platform. An attacker could take advantage of this vulnerability through a website hosting a specially prepared Silverlight application.
Exploit code unlikely.
1 - Exploit code likely. The probability of exploitation is very high; attackers can use an exploit, for example, for remote code execution.
2 - Exploit code would be difficult to build. The probability of exploitation is average, since attackers are unlikely to achieve reliable exploitation, and because of the technical specifics of the vulnerability and the complexity of developing an exploit.
3 - Exploit code unlikely. The probability of exploitation is minimal; attackers are unlikely to be able to develop working exploit code and use this vulnerability to conduct an attack.
We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).

Be secure.