Quantcast
Channel: TechNet Blogs
Viewing all articles
Browse latest Browse all 34890

Assessing risk for the August 2013 security updates

$
0
0

Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

BulletinMost likely attack vectorMax Bulletin SeverityMax Exploit-ability IndexLikely first 30 days impactPlatform mitigations and key notes
MS13-059

(Internet Explorer)

Victim browses to a malicious webpage.Critical1Likely to see reliable exploits developed within next 30 days.Defense-in-depth changes made in this update also address the LdrHotPatchRoutine ASLR bypass. You can read more about that aspect of this update in this SRD blog post.
MS13-060

(Unicode font in browser)

Victim with Indic language pack installed browses to a malicious webpage.Critical2Less likely to see reliable exploit code within 30 days.Affects only Windows XP and Windows 2003 machines where the Bangali font is installed. More detail here: http://www.bhashaindia.com/ilit/GettingStarted.aspx?languageName=Tamil
MS13-061

(Oracle Outside In for Exchange)

Attacker sends email with malicious attachment and lures victim to view the attachment as a webpage within Outlook Web Access. The attacker could potentially compromise the server-side process generating the web page.Critical2Less likely to see reliable exploit code within 30 days.

 Addresses Oracle Outside In issues included in the Oracle July 2013 security update: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

MS13-063

(Kernel)

Attacker who is already running code on a machine uses this vulnerability to elevate from low-privileged account to SYSTEM.Important1Likely to see reliable exploits developed within next 30 days.Also addresses CVE-2013-2556, a Windows ASLR bypass used as part of a CanSecWest pwn2own exploit.
MS13-062

(RPC)

Attacker on the same machine as a higher-privileged user making asynchronous RPC requests to a remote resource may be able to have RPC request executed as the higher-privileged user. (Example: print server scenario where higher privileged user is continually submitting print jobs)Important1Likely to see reliable exploits developed within next 30 days. However, limited scenarios in which attack could be used.This is a post-auth race condition attack with several pre-conditions. Difficult to trigger reliably.
MS13-066

(Active Directory Federated Services)

Attacker can leverage information leak to lock out service account used by ADFS, denying service to users.Important3Denial of service only. 
MS13-065

(ICMP)

Attacker send malicious ICMP packet causing denial-of-service on victim recipient.Important3Denial of Service only.Difficult to reproduce this one. Likely will require third party driver installed and packet stored in memory aligned with the page boundary.
MS13-064

(NAT driver)

Attacker can send malicious network attack against Direct Access server causing denial-of-service.Important3Denial of Service only.Only affects machines running WinNat service. This service was first introduced with Windows Server 2012 and is off by default.

- Jonathan Ness, MSRC Engineering


Viewing all articles
Browse latest Browse all 34890

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>