Patch Priority Index for December 2013

| Bulletin | CVE |
| --- | --- |
| MS13-096 | CVE-2013-3906 |
| MS13-097 | CVE-2013-5047, CVE-2013-5048, CVE-2013-5049 |
| MS13-099 | CVE-2013-5056 |
| APSB13-28 | CVE-2013-5331, CVE-2013-5332 |
| MS13-106 | CVE-2013-5057 |
| MS13-101 | CVE-2013-3899, CVE-2013-3902, CVE-2013-3903 |
| MS13-105 | CVE-2013-1330, CVE-2013-5072 |
| MS13-089 | CVE-2013-3490 |
| MS13-104 | CVE-2013-5054 |
| MS13-092 | CVE-2013-3898 |

Tripwire’s December Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe.

To change things up a little this month, we aren’t starting with the expected Internet Explorer update; it has moved all the way down to number two on the list. Instead, we have the patch for the TIFF 0-day up first. Keep in mind that after you apply this patch, you can remove the FixIt that disabled TIFF processing.

Following the TIFF 0-day fix, we have three potential drive-by fixes. Up first is the standard IE update which, like all IE updates, is cumulative, so if you haven’t applied your November updates, this incorporates the November IE 0-day fix. The second patch in this list resolves an issue with VBScript that could lead to a drive-by attack with IE due to the nature of the ActiveX control. The final patch in this list comes from Adobe and resolves a couple of Flash vulnerabilities.

Up next is an information disclosure that most people would likely rank lower on the scale (or maybe not even include in a top 10 list). We’re including this issue because of how it has been used in the past. MS13-106 is a fix for an ASLR bypass that is commonly used in efforts to exploit other vulnerabilities. Blocking this vector should increase the difficulty of successfully exploiting other vulnerabilities (at least for a little while anyway).

The above patches could be defined as first class patches this month; they should be considered for most systems before anything else. Up next we have a pair of new patches from the December Patch Tuesday and one of two carry-overs from November.

MS13-101 is an expected update that we see every month, fixing privilege escalations in kernel-mode drivers. These types of vulnerabilities are often used to go from user access to system access, so it’s important to stay on top of them. MS13-105 is an Exchange issue where an email could be sent to a user that would cause code to be executed as LocalService on the Exchange server. MS13-089 allowed for code execution when opening a Windows Write file in WordPad.

Finally, we have our third tier of vulnerabilities, one from November and one from December. MS13-104 is a token theft vulnerability that could allow attackers access to your Office 365 account, while MS13-092 describes a method of running code from one guest VM to another on a Hyper-V system. Both of these are niche vulnerabilities, but definitely worth being aware of if you run either system.