Today we released eight security bulletins addressing 23 CVEs. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability Index | Likely first 30 days impact | Platform mitigations and key notes |
| --- | --- | --- | --- | --- | --- |
| MS13-059 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Defense-in-depth changes made in this update also address the LdrHotPatchRoutine ASLR bypass. You can read more about that aspect of this update in this SRD blog post. |
| MS13-060 (Unicode font in browser) | Victim with Indic language pack installed browses to a malicious webpage. | Critical | 2 | Less likely to see reliable exploit code within 30 days. | Affects only Windows XP and Windows 2003 machines where the Bangali font is installed. More detail here: http://www.bhashaindia.com/ilit/GettingStarted.aspx?languageName=Tamil |
| MS13-061 (Oracle Outside In for Exchange) | Attacker sends email with malicious attachment and lures victim to view the attachment as a webpage within Outlook Web Access. The attacker could potentially compromise the server-side process generating the web page. | Critical | 2 | Less likely to see reliable exploit code within 30 days. | Addresses Oracle Outside In issues included in the Oracle July 2013 security update: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html |
| MS13-063 (Kernel) | Attacker who is already running code on a machine uses this vulnerability to elevate from a low-privileged account to SYSTEM. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | Also addresses CVE-2013-2556, a Windows ASLR bypass used as part of a CanSecWest pwn2own exploit. |
| MS13-062 (RPC) | Attacker on the same machine as a higher-privileged user making asynchronous RPC requests to a remote resource may be able to have an RPC request executed as the higher-privileged user. (Example: print server scenario where a higher-privileged user is continually submitting print jobs.) | Important | 1 | Likely to see reliable exploits developed within next 30 days. However, there are limited scenarios in which the attack could be used. | This is a post-auth race condition attack with several pre-conditions. Difficult to trigger reliably. |
| MS13-066 (Active Directory Federation Services) | Attacker can leverage an information leak to lock out the service account used by ADFS, denying service to users. | Important | 3 | Denial of service only. | |
| MS13-065 (ICMP) | Attacker sends a malicious ICMP packet, causing denial of service on the victim recipient. | Important | 3 | Denial of service only. | Difficult to reproduce this one. Likely will require a third-party driver installed and the packet stored in memory aligned with the page boundary. |
| MS13-064 (NAT driver) | Attacker can send a malicious network attack against a Direct Access server, causing denial of service. | Important | 3 | Denial of service only. | Only affects machines running the WinNat service. This service was first introduced with Windows Server 2012 and is off by default. |

- Jonathan Ness, MSRC Engineering