Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-536 on Wednesday, November 13th.

MS13-088

 

Internet Explorer Information Disclosure Vulnerability CVE-2013-3908
Internet Explorer Information Disclosure Vulnerability CVE-2013-3909
Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE

MS13-089

Graphics Device Interface Integer Overflow Vulnerability CVE-2013-3940

MS13-090

InformationCardSigninHelper Vulnerability CVE-2013-3918

MS13-091

WPD File Format Memory Corruption Vulnerability CVE-2013-0082
Word Stack Buffer Overwrite Vulnerability CVE-2013-1324
Word Heap Overwrite Vulnerability CVE-2013-1325

MS13-092

Address Corruption Vulnerability CVE-2013-3898

MS13-093

Ancillary Function Driver Information Disclosure Vulnerability CVE-2013-3887

MS13-094

S/MIME AIA Vulnerability CVE-2013-3905

MS13-095

Digital Signatures Vulnerability CVE-2013-3869

MS13-088

November starts like any other month this year, with the always-expected Internet Explorer cumulative update. Unlike most months where the first patch is the most critical, this month the IE fix is overshadowed by MS13-090 (essentially a second IE Patch but really an ActiveX killbits update). So the IE cumulative update should probably rank #2 on patch priority lists.

MS13-089

The second bulletin this month describes another critical update… this one impacting GDI. It’s important to note that while Windows Write files (.wri) are listed as the primary attack vector, the vulnerable code could be utilized by anyone, which means that third party applications could be targets for this issue [1]. Pay attention to security information released by other vendors for additional updates you may need to apply related to this update.

MS13-090

This is the update that everyone should rush to apply to their systems. Luckily, ActiveX killbits generally don’t cause negative interactions (although proper testing should still occur) so this patch can be pushed out a bit quicker than your average update. This update resolves the current 0-day discovered by FireEye [2]. Microsoft has provided additional details on this subject [3].

MS13-091

Office updates are typical on Patch Tuesday and this month is no exception. This bulletin resolves three Office vulnerabilities; two of which affect Word, while the third affects the WordPerfect document converter.

MS13-092

This bulletin is the first of three interesting bulletins this month. The vulnerability described here affects Microsoft Hyper-V and allows a user to DoS a Hyper-V host. Interestingly, if the user is logged into a Hyper-V guest, then it is possible to execute code on another Hyper-V guest OS. This is a fairly unique vulnerability and it’ll be interesting to see if it opens the door to future vulnerabilities of this type.

MS13-093

While not necessarily useful on it’s own, MS13-093 is likely valuable in chained exploits as it allowed data in kernel memory to be copied to user memory.

MS13-094

The title doesn’t reveal much about this vulnerability but it’s nicely summarized as, “MS13-094: Using Outlook as a Port Scanner”. This vulnerability allows you to target ports on hosts on the network determining if they are open or not. It’s an interesting information disclosure issue but unlikely to be a viable attack since scanning a single host would require multiple emails and would cause Outlook to hang for an extended period of time.

MS13-095

The final bulletin this month is the third that we consider interesting, although it barely meets the requirements. It’s a denial of service in X.509 certificate parsing; meaning services that accept client-side certificates are vulnerable. However, since it’s only a denial of service in a special case, this ranks fairly low in risk compared to other vulnerabilities this month.

Additional Information

As always, VERT recommends that you apply patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.

Ease of Use (published exploits) to Risk Table

Automated Exploit MS13-090
Easy
Moderate
Difficult
Extremely Difficult
No Known Exploit
MS13-093
MS13-094
MS13-088
MS13-089
MS13-091
MS13-095 MS13-092
Exposure
Local
Availability
Local
Access
Remote
Availability
Remot
Access
Local
Privileged
Remote
Privileged