June 11, 2013 1:24 PM (PT)
Today?s VERT Alert addresses 5 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-514 on Wednesday, June 12th.
| MS13-047 | Internet Explorer Script Debug Vulnerability | CVE2013-3126 |
| Multiple Memory Corruption Vulnerabilities in Internet Explorer | MULTIPLE | |
| MS13-048 | Kernel Information Disclosure Vulnerability | CVE-2013-3136 |
| MS13-049 | TCP/IP Integer Overflow Vulnerability | CVE-2013-3138 |
| MS13-050 | Print Spooler Vulnerability | CVE-2013-1339 |
| MS13-051 | Office Buffer Overflow Vulnerability | CVE-2011-1331 |
MS13-047
Another month, another Internet Explorer patch, this one containing fixes for 19 CVEs. The most interesting part of the bulletin is the acknowledgements section. It looks like ZDI was busy buying IE vulnerabilities this month and Google contributed a few as well. IE likely rivals Flash for the most frequently patched software, so there aren?t any surprises here? just a new number for the top of the priority list.
MS13-048
The second bulletin this month resolves a memory address disclosure. While on it?s own this is not an interesting issue, chained with other exploits this could be a potentially valuable exploit. There are no issues with waiting to include this patch in your regular patch cycle, as it?s doubtful it will be targeted in the near future.
MS13-049
This month?s "remote" is fixed in MS13-049. According to the Microsoft Security Research & Defense blog post1, exploiting this vulnerability requires sending thousands of packets to a victim resulting in non-paged pool memory exhaustion. The host will essentially need to be restarted in order to resume network communication (alternatively, the network stack can be restarted, but a host reboot is likely easier). The interesting aspect of this denial of service is that while Vista and newer are affected, only Server 2012 and Windows 8 can be targeted remotely.
MS13-050
Vulnerabilities affecting the Print Spooler aren?t nearly as common as other vulnerabilities but this is the second time we?re seeing a patch this year. Once again, Vista and newer are affected and the end result is code execution as SYSTEM. A Microsoft patch release without a privilege escalation vulnerability simply wouldn?t be a true Microsoft patch release and with Win32K.sys absent this month, this vulnerability is taking its place.
MS13-051
We finish out the month with a Office vulnerability affect Office 2003 and Office for Mac 2011. Microsoft has released a detailed blog post2 on this vulnerability that includes example URLs and the file hashes for known malicious files to assist with detection. It?s also important to know the products affected include the full suite of Office Products as well as Word Viewer. Given that this one is already in the wild, it is important to apply this patch as soon as possible if you have Office for Mac 2011 or Office 2003 in your environment.
As always, VERT recommends that you apply patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.
Ease of Use (published exploits) to Risk Table
|
Automated Exploit
|
MS13-051 |
|
|||||
|
Easy
|
|||||||
|
Moderate
|
|||||||
|
Difficult
|
|||||||
|
Extremely Difficult
|
|||||||
|
No Known Exploit
|
|||||||
|
Exposure
|
Local Availability
|
Local
Access |
Remote Availability
|
Remote Access
|
Local Privileged
|
Remote Privileged
|
All data and commentary is based on information available when the VERT Alert is published. The VERT Alert may be updated on the website as new information surfaces: http://www.ncircle.com/index.php?s=resources_VERT-Alert.