Microsoft Patch Tuesday - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Microsoft Patch Tuesday 2013-09-10

MS13-067
Title	A multitude of vulnerabilities in sharepoint (Office Server) have been fixed. It could lead to a Denial of Service over privilege escalation to random code execution with the rights of the W3WP service account. CVE-2013-1315 is also mentioned in MS13-073
Replaces
Affected	Sharepoint
KB	KB2834052
Known Exploits	Yes
Microsoft Rating	Critical
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2013-0081	1

Top of page

MS13-068
Title	A input validation error dealign with S/MIME messages leads to random code execution with the rights of the logged on user. The vulnerability can be triggered by merely viewing or previewing a message.
Replaces
Affected	Outlook
KB	KB2756473
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-3870	2

Top of page

MS13-069
Title	A set of 10 new memory corruption vulnerabilities in this monthly instance of the cumulative MSIE patch. They lead to random code execution withthe rights of the logged on user.
Replaces
Affected	MSIE
KB	KB2870699
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-3201	1

Top of page

MS13-070
Title	A memory handling error in OLE allows for random code execution with the rights of the logged on user.
Replaces
Affected	OLE
KB	KB2876217
Known Exploits	No
Microsoft Rating	Critical
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-3863	1

Top of page

MS13-071
Title	A vulnerability in handling the theme files allows for random code execution with the rights of the logged on user.
Replaces
Affected	Theme
KB	KB2864063
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-0810	1

Top of page

MS13-072
Title	Multiple vulnerabilities allow information leaks and random code execution with the rights of the logged on user. CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857 and CVE-2013-3858 are also mentioned in MS13-067.
Replaces
Affected	Office
KB	KB2845537
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-3160	1

Top of page

MS13-073
Title	Multiple vulnerabilities in Excel allow for information leak and random code execution with the rights of the logged on user. CVE-2013-1315 is also mentioned in MS13-067.
Replaces
Affected	Excel
KB	KB2858300
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-1315	3

Top of page

MS13-074
Title	Multiple vulnerabilities allow random code execution with the rights of the logged on user.
Replaces
Affected	Access
KB	KB2848637
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Critical
ISC Server Rating	Critical

CVE	Exploitability
2013-3155	1

Top of page

MS13-075
Title	Pinyn Input Method Editor (IME) for Simplified Chinese allows for a privilege escalation by the user to local system.
Replaces
Affected	Office IME (Chinese)
KB	KB2878687
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2013-3859	1

Top of page

MS13-076
Title	Multiple memory corruption vulnerabilities allow privilege escalation.
Replaces
Affected	Kernel Mode Drivers
KB	KB2876315
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2013-1341	1

Top of page

MS13-077
Title	A double free vulnerability in the Service Control manager (SCM) allows privilege escalation.
Replaces
Affected	Service Control Manager
KB	KB2872339
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2013-3862	2

Top of page

MS13-078
Title	An information leak vulnerability in Frontpage while handling the DTD of an XML file.
Replaces
Affected	Frontpage
KB	KB2825621
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	Important
ISC Server Rating	Important

CVE	Exploitability
2013-3137	3

Top of page

MS13-079
Title	A Denial of Service vulnerability in Active Directory by a query to the LDAP service. Lasts till an administroator restarts the service.
Replaces
Affected	Active Directory
KB	KB2853587
Known Exploits	No
Microsoft Rating	Important
ISC Client Rating	N/A
ISC Server Rating	N/A

CVE	Exploitability
2013-3868	3

Top of page

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.