monthly security bulletin briefing - microsoft · 2017. 1. 30. · cve -2013 3180 cve-2013-1315...

1

Monthly Security

Bulletin Briefing

(September 2013)

CSS Security Worldwide Programs

• Teresa GhiorzoeSecurity Program Manager

• Daniel MauserSenior Technical Lead - LATAM CTS

Blog de Segurança:

http://blogs.technet.com/b/risco/

Twitter: LATAMSRC

Email: [email protected]

September

2013

AgendaOther Security

Resources

Detection and Deployment

Table

Product Support Lifecycle

Information

Public Webcast Details

Appendix

Bulletin Resources

Malicious Software

Removal Tool Updates

Non-security updates

New Security Resources

New Security

Bulletins

13


Critical Important

4 9

Security Advisories

1 Re-release

September

2013

Security

Bulletins

Bulletin Impact Component Severity PriorityExploit

IndexPublic

MS13-067 Remote Code Execution SharePoint Critical 1 1 Yes

MS13-068 Remote Code Execution Outlook Critical 1 2 No

MS13-069 Remote Code Execution Internet Explorer Critical 1 1 No

MS13-070 Remote Code Execution OLE Critical 2 1 No

MS13-071 Remote Code Execution Windows Theme Important 3 1 No

MS13-072 Remote Code Execution Office Important 2 1 No

MS13-073 Remote Code Execution Excel Important 2 3 No

MS13-074 Remote Code Execution Access Important 3 1 No

MS13-075 Elevation of Privilege IME Important 3 1 No

MS13-076 Elevation of Privilege Kernel-Mode Driver Important 2 1 No

MS13-077 Elevation of Privilege Service Control Manager Important 3 2 No

MS13-078 Information Disclosure FrontPage Important 3 3 No

MS13-079 Denial of Service Active Directory Important 2 3 No

Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated


MS13-067

Vulnerabilities in

Microsoft

SharePoint

Server Could

Allow Remote

Code Execution

(2834052)

Affected Software:• SharePoint Portal Server 2003 SP3

• SharePoint Server 2007 SP3 (32-bit and 64-bit)

• SharePoint Server 2010 SP1 and 2

• SharePoint Server 2013

• SharePoint Foundation 2013

• Office Services and Web Apps

Excel Services

InfoPath Forms Services

PerformancePoint Services

Project Services

Visio Services

Word Automation Services

• Excel Web App 2010 SP 1 and 2

• Word Web App 2010 SP 1 and 2

Severity | Critical

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

1MS12-050

MS12-066

MS13-030

MS13-035

Yes *

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control

Panel


WU MU MBSA WSUS ITMU SCCM* After you install this update on all SharePoint

servers, you must run the PSconfig tool to

complete the installation

No Yes Yes Yes Yes Yes


MS13-067

Vulnerabilities in

Microsoft

SharePoint

Server Could

Allow Remote

Code Execution

(2834052)

Vulnerability Details:

• Seven (7) remote code execution vulnerabilities* exist in the way that affected Microsoft Office software

parses specially crafted files that could allow an attacker to take complete control of an affected system.

• Two elevation of privilege vulnerabilities exist in SharePoint Server that could allow an attacker to perform

cross-site scripting attacks by submitting a specially crafted POST request to a SharePoint server.

• A denial of service vulnerability exists in SharePoint Server, which would cause the W3WP process to stop

responding until it is restarted if an attacker enters a specially crafted URL that is processed on the target

SharePoint site

* CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858

CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory

CVE-2013-0081

CVE-2013-1330

CVE-2013-3179

CVE-2013-3180

CVE-2013-1315

Multiple *

Important

Critical

Important

Important

Important

Critical

Denial of Service

Remote Code Execution

Elevation of Privilege




3

NA

3

3

NA

NA

3

1

3

3

3

1

P

P

NA

NA

NA

NA

No

No

No

Yes

No

No

None

None

None

None

None

None

None

None

None

None

None

None

Attack Vectors

• A specially crafted Office file

• A specially crafted POST request

to a SharePoint server

• A specially crafted URL that is

processed on the target

SharePoint site

Mitigations

• Users would have to be persuaded

to visit a malicious web site

• Exploitation only gains the same

rights as the logged on account

• Cannot be exploited automatically

through email because a user

must open an attachment that is

sent in an email message

For CVE-2013-0081, CVE-2013-1330,

CVE-2013-3179, CVE-2013-3180

• Microsoft has not identified any

mitigations for these

vulnerabilities

Workarounds

• Do not open Office files that

you receive from untrusted

sources or that you receive

unexpectedly from trusted

sources

For CVE-2013-0081, CVE-2013-

3179, CVE-2013-3180

• Microsoft has not identified

any workarounds for these

vulnerabilities



DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)

MS13-068

Vulnerability in

Microsoft

Outlook Could

Allow Remote

Code Execution

(2756473)

Affected Software: Outlook 2007 SP3

Outlook 2010 SP1 (32-bit & 64-bit editions)

Outlook 2010 SP2 (32-bit & 64-bit editions)

Severity | Critical

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

1 MS10-064 None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control

PanelDetection and Deployment

WU MU MBSA WSUS ITMU SCCM If the component discussed in this bulletin was

delivered with the version of the Office Suite

installed on your system, the system will be

offered updates for it whether the component

is installed or not. No Yes Yes Yes Yes Yes


MS13-068

Vulnerability in

Microsoft

Outlook Could

Allow Remote

Code Execution

(2756473)


• A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted

S/MIME email messages. An attacker can exploit this vulnerability and take complete control of an affected

system if they can persuade a user to open or preview a specially crafted email message.


CVE-2013-3870 Critical Remote Code Execution NA 2 NA No None None

Attack Vectors

• A maliciously crafted email

message

Exploitation of this

vulnerability requires that a

user open or preview a

specially crafted email

message with an affected

version of Outlook

Mitigations


user rights as the logged on

account

Workarounds


any workarounds for this

vulnerability




MS13-069

Cumulative

Security Update

for Internet

Explorer

(2870699)

Affected Software:

IE 6 on Windows XP and Windows Server

2003

IE 7 on Windows XP, Windows Server 2003,

Windows Vista, and Windows Server 2008

IE 8 on Windows XP, Windows Server 2003,

Windows Vista, Windows Server 2008,

Windows 7, and Windows Server 2008 R2

IE 9 on Windows Vista, Windows Server

2008, Windows 7, and Windows Server 2008

R2

IE 10 on Windows 7, Windows Server 2008

R2, Windows 8, Windows Server 2012, and

Windows RT

The Internet Explorer 11 Preview in Windows 8.1

Preview and Windows RT 8.1 Preview are both

affected by this bulletin

Severity | Critical

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

1 MS13-059 None

Restart

Requirement

A restart is

required

Uninstall Support

Use Add or Remove

Programs in Control

Panel


WU MU MBSA WSUS ITMU SCCM1. The MBSA 2.3 beta fully supports Windows 8,

Windows 8.1, Windows Server 2012, and Windows

Server 2012 R2.

2. Windows RT devices can only be serviced with

Windows and Microsoft UpdateYes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2


MS13-069

Cumulative

Security Update

for Internet

Explorer

(2870699)


• Ten * (10) remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object

in memory. These vulnerabilities may corrupt memory in such a way that an attacker could execute

arbitrary code in the context of the current user and could allow an attacker to take complete control of an

affected system if a user views a specially crafted website or file


Multiple a Critical Remote Code Execution NA b 1 NA No No None

Attack Vectors

• A maliciously crafted Web page

• Compromised websites and

websites that accept or host

user-provided content or

advertisements

a. CVE-2013-3201 | CVE-2013-3202

CVE-2013-3203 | CVE-2013-3204

CVE-2013-3205 | CVE-2013-3206

CVE-2013-3207 | CVE-2013-3208

CVE-2013-3209 | CVE-2013-3845

b. XI Latest = IE 11 on Windows

8.1, Windows Server 2012 R2,

and Windows RT 8.1

Mitigations

• Users would have to be persuaded

to visit a malicious web site



account

• By default, all Microsoft e-mail

clients open HTML e-mail

messages in the Restricted Sites

zone

• By default, IE runs in a restricted

mode for all Windows Servers

Workarounds

• Set IE security to High for

Internet and Intranet zones

• Configure IE to prompt before

running ActiveX and Active

Scripting




MS13-070

Vulnerability in

OLE Could

Allow Remote

Code Execution

(2876217)

Affected Software: Windows XP (all editions)

Windows Server 2003 (all editions)

Severity | Critical

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

2 MS11-093 None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control


WU MU MBSA WSUS ITMU SCCM

• For an attack to be successful by sending an

email message a user must open an

attachment that contains a specially crafted

OLE object.

• Many different types of attached documents

can contain the affected OLE objects, which

includes all Office file types as well as many

other third-party file types.

Yes Yes Yes Yes Yes Yes


MS13-070

Vulnerability in

OLE Could

Allow Remote

Code Execution

(2876217)


• A vulnerability exists in OLE that could lead to remote code execution that could allow an attacker to take

complete control of an affected system if a user can be persuaded to open a file that contains a specially

crafted OLE object


CVE-2013-3863 Critical Remote Code Execution NA 1 NA No None None

Attack Vectors

• A maliciously crafted file that

contains a specially crafted OLE

object

All Office file types, and

many third-party file types,

can contain a malicious OLE

object

Common delivery

mechanisms: a maliciously

crafted webpage, an email

attachment, an instant

message, a peer-to-peer file

share, a network share,

and/or a USB thumb drive

Mitigations



account

• The vulnerability cannot be

exploited automatically through

email, because a user must open

an attachment that is sent in an

email message

Workarounds





sources




MS13-071

Vulnerability in

Windows

Theme File

Could Allow

Remote Code

Execution

(2864063)

Affected Software: Windows XP (all editions)


Windows Vista (all editions)


Severity | Important

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

3 None None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control


WU MU MBSA WSUS ITMU SCCM After applying this update, screen savers

associated with custom themes, that were not

delivered in-box, will no longer be automatically

selected when a custom theme is appliedYes Yes Yes Yes Yes Yes


MS13-071

Vulnerability in

Windows

Theme File

Could Allow

Remote Code

Execution

(2864063)


• A remote code execution vulnerability exists in the way Windows handles certain specially crafted Windows

theme and screensaver files. In an attack scenario, an attacker could convince a user to open a maliciously

crafted theme file containing a specially crafted screensaver that executes malicious code when the user

applies the Windows theme.


CVE-2013-0810 Important Remote Code Execution NA 1 NA No None None

Attack Vectors

• A maliciously crafted Windows

Theme file that contains a

specially crafted screensaver

Common delivery


crafted webpage, an email



share, a network share, and/or

a USB thumb drive

Mitigations

• In all cases, a user cannot be

forced to open the file or apply

the theme; for an attack to be

successful, a user must be

convinced to do so

Workarounds

• Do not open Windows Theme

files that you receive from

untrusted sources or that you

receive unexpectedly from

trusted sources




MS13-072

Vulnerabilities in

Microsoft Office

Could Allow

Remote Code

Execution

(2845537)

Affected Software: Office 2003 S3

Word 2003 SP3

Office 2007 SP3

Word 2007 SP3

Office 2010 SP 1 & 2 (32-bit & 64-bit

editions)

Word 2010 SP1 & 2 (32-bit & 64-bit

editions)

Office Compatibility Pack SP3

Word Viewer


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

2MS11-089

MS12-057

MS12-079

MS13-043

MS13-051

Yes *

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control



delivered with the version of the Microsoft

Office Suite installed on your system, the

system will be offered updates for it whether

the component is installed or not. No Yes Yes Yes Yes Yes


MS13-072

Vulnerabilities in

Microsoft Office

Could Allow

Remote Code

Execution

(2845537)


• Twelve (12) remote code execution vulnerabilities exist in the way that affected Microsoft Office software

parses specially crafted files. An attacker could take complete control of an affected system if they can

convince a user to open a specially crafted file in an affected version of Office software

• CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852

CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858


Multiple *

CVE-2013-3160

Critical

Important


Information Disclosure

NA

NA

1

3

NA

NA

No

No

None

None

None

None

Attack Vectors

• A maliciously crafted Office file

Common delivery


crafted Web page, an e-mail




a USB thumb drive

Mitigations

• The vulnerabilities cannot be


email because a user must open


email message

• An attacker would have no way to

force users to visit a malicious or

compromised website, or to open

the specially crafted Office file

• An attacker can only gain the

same user rights as the logged on

user

Workarounds

• Install and configure MOICE to

be the registered handler for

.doc files.

• Use Microsoft Office File Block

policy to prevent the opening

of .doc and .dot binary files





sources




MS13-073

Vulnerabilities in

Microsoft Excel

Could Allow

Remote Code

Execution

(2858300)

Affected Software:• Office 2003 SP3

Excel 2003 SP3

• Office 2007 SP3

Excel 2007 SP3

• Office 2010 SP1 & 2 (32-bit & 64-bit editions)

Excel 2010 SP1 & 2 (32-bit & 64-bit

editions)

• Office 2013 (32-bit & 64-bit editions)

Excel 2013 (32-bit & 64-bit editions)

• Office 2013 RT

Excel 2013 RT

• Office for Mac 2011

• Office Compatibility Pack SP3

• Excel Viewer


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

2 MS13-012 Yes *

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control

Panel


WU MU MBSA WSUS ITMU SCCMIf the component discussed in this bulletin was






MS13-073

Vulnerabilities in

Microsoft Excel

Could Allow

Remote Code

Execution

(2858300)


• Two (2) remote code execution vulnerabilities exist in the way that Excel parses content in Excel files. An

attacker could take complete control of an affected system if they can convince a user to open a specially

crafted Excel file.

• An information disclosure vulnerability exists in the way that Excel parses specially crafted XML files

containing external entities. The vulnerability is caused when Excel improperly handles XML external

entities that are resolved within other XML external entity declarations. An attacker could read data from

files on the target system.


CVE-2013-1315

CVE-2013-3158

CVE-2013-3159

Important

Important

Important



Information Disclosure

3

NA

NA

3

3

3

NA

NA

NA

No

No

No

None

None

None

None

None

None

Attack Vectors

• A maliciously crafted Office

Excel file

Common delivery





share, a network share,

and/or a USB thumb drive

Mitigations

• The vulnerabilities cannot be




email message



compromised website, or to open

the specially crafted Office files



account

Workarounds

• Use Microsoft Office File Block

policy to prevent the opening

of Excel binary files





sources




MS13-074

Vulnerabilities in

Microsoft

Access Could

Allow Remote

Code Execution

(2848637)

Affected Software: Access 2007 SP3

Access 2010 SP1 & SP2 (32-bit & 64-bit

editions)

Access 2013 (32-bit & 64-bit editions)


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

3 MS12-046 None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control








MS13-074

Vulnerabilities in

Microsoft

Access Could

Allow Remote

Code Execution

(2848637)


• Three (3) remote code execution vulnerabilities exist in the way that Access handles memory when opening

specially crafted Access files. An attacker could take complete control of an affected system by sending a

specially crafted Access file to the user and then convincing the user to open the file.


CVE-2013-3155

CVE-2013-3156

CVE-2013-3157

Important

Important

Important




1

1

1

1

1

1

NA

NA

NA

No

No

No

None

None

None

None

None

None

Attack Vectors

• A specially crafted Access file

Common delivery






a USB thumb drive

Mitigations



compromised website

• An attacker can only gain the

same user rights as the logged on

user

Workarounds





sources




MS13-075

Vulnerability in

Microsoft Office

IME (Chinese)

Could Allow

Elevation of

Privilege

(2878687)

Affected Software: Pinyin IME 2010 on Office 2010 SP1 (32-bit

editions)

Pinyin IME 2010 (64-bit version) on Office

2010 SP1 (64-bit editions)


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

3 None None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control


WU MU MBSA WSUS ITMU SCCM

• Microsoft Pinyin IME 2010 is a Microsoft

Pinyin (MSPY) Input Method Editor (IME) for

Simplified Chinese.

• Microsoft Pinyin IME 2010 is installed with

Chinese versions of Microsoft Office 2010 by

default and is also available as an optional

component in English and other language

versions of Microsoft office 2010.

No Yes Yes Yes Yes Yes


MS13-075

Vulnerability in

Microsoft Office

IME (Chinese)

Could Allow

Elevation of

Privilege

(2878687)


• An elevation of privilege vulnerability exists in Office IME for Chinese that could allow a low-privilege user

to elevate their privileges. In an attack scenario, an authenticated attacker could use the IME toolbar to

launch Internet Explorer with system-level privileges. The attacker could then run a program with system-

level privileges.


CVE-2013-3155 Important Elevation of Privilege NA 1 NA No None None

Attack Vectors

• Malicious use of the IME

Toolbar

Mitigations

• An attacker must have valid logon

credentials and be able to log on

locally to exploit this vulnerability.

The vulnerability could not be

exploited remotely or by

anonymous users.

• Only implementations of

Microsoft Pinyin IME 2010 are

affected by this vulnerability.

Other versions of Simplified

Chinese IME and other

implementations of IME are not

affected.

Workarounds



vulnerability




MS13-076

Vulnerabilities in

Kernel-Mode

Drivers Could

Allow Elevation

of Privilege

(2876315)

Affected Software: Windows XP (all supported editions)

Windows Server 2003 (all supported

editions)

Windows Vista (all supported editions)

Windows Server 2008 (all supported

editions)

Windows 7 (all supported editions)

Windows Server 2008 R2 (all supported

editions)

Windows 8 (all supported editions)

Windows Server 2012

Windows RT


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

2 MS13-053 None

Restart

Requirement

A restart is

required

Uninstall Support

Use Add or Remove

Programs in Control

Panel


WU MU MBSA WSUS ITMU SCCM1. The MBSA 2.3 beta fully supports Windows

8, Windows 8.1, Windows Server 2012, and

Windows Server 2012 R2.

2. Windows RT devices can only be serviced

with Windows and Microsoft Update and

the Microsoft StoreYes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2


MS13-076

Vulnerabilities in

Kernel-Mode

Drivers Could

Allow Elevation

of Privilege

(2876315)


• Seven (7) elevation of privilege vulnerabilities * exist when the Windows kernel-mode driver improperly

handles objects in memory that could allow an attacker to gain elevated privileges and read arbitrary

amounts of kernel memory by logging on to the system and then running a specially crafted application.

CVE Severity Impact XI Latest 2 XI Legacy XI DoS Public Exploited Advisory

Multiple *

CVE-2013-3866

Important

Important



NA

NA

2

1

P

P

No

No

None

None

None

None

Attack Vectors

• A maliciously crafted application

1. CVE-2013-1341, CVE-2013-1342

CVE-2013-1343, CVE-2013-1344

CVE-2013-3864, CVE-2013-3865

2. XI Latest = Windows 8.1,

Windows Server 2012 R2, and

Windows RT 8.1

Mitigations

• An attacker must have valid logon

credentials and be able to log on

locally to exploit this vulnerability.

Workarounds



vulnerability




MS13-077

Vulnerability in

Windows

Service Control

Manager Could

Allow Elevation

of Privilege

(2872339)

Affected Software: Windows 7 (all supported editions)

Windows Server 2008 R2 (all supported

editions)


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

3 MS13-019

MS13-063None

Restart

Requirement

A restart is

required

Uninstall Support

Use Add or Remove

Programs in Control


WU MU MBSA WSUS ITMU SCCM The Service Control Manager (SCM) maintains

a database of the installed services and driver

services that allow the operating system to

start successfully, and provides a unified and

secure means of controlling them. Yes Yes Yes Yes Yes Yes


MS13-077

Vulnerability in

Windows

Service Control

Manager Could

Allow Elevation

of Privilege

(2872339)


• A local elevation of privilege vulnerability exists in the way that the Windows Service Control Manager

(SCM) handles objects in memory. The vulnerability is caused when the SCM retrieves a corrupted service

description from the Windows registry resulting in a "double free" condition. An attacker who successfully

exploited this vulnerability could execute arbitrary code within the context of the Service Control Manager

(services.exe).


CVE-2013-3862 Important Elevation of Privilege NA 2 P No None None

Attack Vectors

• A maliciously crafted application

* XI Latest = Windows 8.1,

Windows Server 2012 R2, and

Windows RT 8.1

Mitigations

• To exploit this vulnerability, an

attacker either must have valid

logon credentials and be able to

log on locally or must convince a

user to run the attacker's specially

crafted application.

Workarounds



vulnerability




MS13-078

Vulnerability in

FrontPage

Could Allow

Information

Disclosure

(2825621)

Affected Software: FrontPage 2003 SP3 Severity | Important

Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

3 None None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control


WU MU MBSA WSUS ITMU SCCMThe vulnerability is caused when Microsoft

FrontPage improperly parses the DTD of an

XML file. DTD, standing for document type

definition, is a file format type that is used in

XML and other markup languages to identify

the markup to be used to format a document.No Yes Yes Yes Yes Yes


MS13-078

Vulnerability in

FrontPage

Could Allow

Information

Disclosure

(2825621)


• An information disclosure vulnerability exists in FrontPage that could allow an attacker to disclose the

contents of a file on a target computer. An attacker who successfully exploited this vulnerability could

disclose the contents of a local file on a target computer if they can convince a user to open a specially

crafted FrontPage document.


CVE-2013-3137 Important Information Disclosure NA 3 NA No None None

Attack Vectors

• A maliciously crafted FrontPage

document

Common delivery






a USB thumb drive

Mitigations

• The vulnerability cannot be




email message



compromised website

Workarounds



vulnerability




MS13-079

Vulnerability in

Active Directory

Could Allow

Denial of

Service

(2853587)

Affected Software:

Active Directory Lightweight Directory Service

(AD LDS) on:

• Windows Vista (all supported editions)

• Windows Server 2008 (all supported 32-bit

and 64-bit editions)

• Windows 7 (all supported editions)

• Windows Server 2008 R2 (all supported

x64-bit editions)

• Windows 8 (all supported editions)

• Windows Server 2012

Active Directory Services on:

• Windows Server 2008 (all supported 32-bit

and 64-bit editions)

• Windows Server 2008 R2 (all supported

x64-bit editions)

• Windows Server 2012


Deployment

Priority

Update

Replacement

More Information

and / or

Known Issues

2 None None

Restart

Requirement

A restart may be

required

Uninstall Support

Use Add or Remove

Programs in Control

Panel


WU MU MBSA WSUS ITMU SCCM* The MBSA 2.3 beta fully supports Windows

8, Windows 8.1, Windows Server 2012, and

Windows Server 2012 R2.Yes Yes Yes * Yes Yes Yes


MS13-079

Vulnerability in

Active Directory

Could Allow

Denial of

Service

(2853587)


• A denial of service vulnerability exists in implementations of Active Directory when the LDAP service fails to

handle a specially crafted query that could cause the service to stop responding if an attacker sends a

specially crafted query to the LDAP service


CVE-2013-3868 Important Denial of Service NA 3 P No None None

Attack Vectors

• A maliciously crafted LDAP

query

* XI Latest = Windows 8.1 and

Windows Server 2012 R2

Mitigations

• Microsoft has not identified any

mitigations for this vulnerability.

Workarounds



vulnerability




Security

Advisory

Rerelease


Security Advisory (2755801)Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Windows 8 for 32-bit and 64-bit Systems

Windows Server 2012

Windows RT

Note: This update is also available for the IE 11 Preview in Windows 8.1 Preview and Windows

8.1 RT Preview releases via Windows Update

Reason for rerelease:

The update addresses the vulnerabilities described in Adobe Security bulletin

APSB13-21

For more information about this update, including download links, see KB

Article 2880289

September

2013

Manageability

Tools

Reference

BulletinWindows

Update

Microsoft

UpdateMBSA WSUS SMS ITMU SCCM 3

MS13-067 No Yes Yes Yes Yes Yes


MS13-069 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2

MS13-070 Yes Yes Yes Yes Yes Yes






MS13-076 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2



MS13-079 Yes Yes Yes 1 Yes Yes Yes

1. The MBSA 2.3 beta fully supports Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

(see: http://technet.microsoft.com/en-us/security/cc184924)

2. Windows RT devices can only be serviced with Windows and Microsoft Update and the Microsoft Store

3. System Center 2012 R2 is in beta and is required to service Windows 8.1 and Windows Server 2012 R2 – Note

that these platforms are not affected by any of the September 2013 security bulletins


Microsoft

Support

Lifecycle


Lifecycle Changes

The following product families and service pack levels

are scheduled to have their support lifecycle expire on

September 10th 2013

Product Family• None

Service Pack Level• None

Remember that support for the entire Windows XP product

family will expire on 4/8/2014

http://support.microsoft.com/lifecycle

September

2013

Security

Bulletins

Bulletin Description Severity Priority

MS13-067Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code

ExecutionCritical 1

MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution Critical 1

MS13-069 Cumulative Security Update for Internet Explorer Critical 1

MS13-070 Vulnerability in OLE Could Allow Remote Code Execution Critical 2

MS13-071Vulnerability in Windows Theme File Could Allow Remote Code

ExecutionImportant 3

MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution Important 2

MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution Important 2

MS13-074 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution Important 3

MS13-075Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of

PrivilegeImportant 3

MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege Important 2

MS13-077Vulnerability in Windows Service Control Manager Could Allow Elevation

of PrivilegeImportant 3

MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure Important 3

MS13-079 Vulnerability in Active Directory Could Allow Denial of Service Important 2


Appendix


MSRT Changes

New malware families added

to the September 2013

MSRT

• Win32/Simda

• Simda is a family of password-

stealing trojans that may also allow

backdoor access and control to an

affected computer.

• Its main purpose is to steal

passwords and system information

from a user's machine.

Additional ToolsMicrosoft Safety Scanner

• Same basic engine as the MSRT, but

with a full set of A/V signatures

Windows Defender Offline

• An offline bootable A/V tool with a

full set of signatures

• Designed to remove rootkits and

other advanced malware that can't

always be detected by antimalware

programs

• Requires you to download an ISO file

and burn a CD, DVD, or USB flash

drive

36

Malicious

Software

Removal Tool

Updates (MSRT)


Public

Security

Bulletin

Links


Monthly Bulletin Links

• Microsoft Security Bulletin Summary for September 2013

http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

• Security Bulletin Search

http://technet.microsoft.com/en-us/security/bulletin

• Security Advisories

http://technet.microsoft.com/en-us/security/advisory

• Microsoft Technical Security Notifications

http://technet.microsoft.com/en-us/security/dd252948.aspx

Blogs

• MSRC Blog

http://blogs.technet.com/msrc

• SRD Team Blog

http://blogs.technet.com/srd

• MMPC Team Blog

http://blogs.technet.com/mmpc

• MSRC Ecosystem Team Blog

http://blogs.technet.com/ecostrat

Supplemental Security Reference Articles

• Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778

• Security Tools for IT Pros

http://technet.microsoft.com/en-us/security/cc297183

• KB894199 Description of Software Update Services and Windows Server Update Services changes in

content

http://support.microsoft.com/kb/894199

• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious

software


Links

Públicos

dos

Boletin de

Segurança

Português

LATAM

GBS Security Worldwide Programs

Links do Boletins em Português

• Microsoft Security Bulletin Summary for september

2013-Resumo

http://technet.microsoft.com/pt-

br/security/bulletin/ms13-sep

• Security Bulletin Search/Boletins de Segurança Busca

http://technet.microsoft.com/pt-br/security/bulletin

• Security Advisories/Comunicados de Segurança

http://technet.microsoft.com/pt-br/security/advisory

• Microsoft Technical Security Notifications - Notificações

http://technet.microsoft.com/pt-

br/security/dd252948.aspx

Blogs

Negócios de Risco

• http://blogs.technet.com/b/ris

co/

• MSRC Blog

http://blogs.technet.com/msrc

• SRD Team Blog

http://blogs.technet.com/srd

• MMPC Team Blog

http://blogs.technet.com/mmpc

• MSRC Ecosystem Team Blog

http://blogs.technet.com/ecostrat

Supplemental Security Reference Articles

• Detailed Bulletin Information Spreadsheet

http://go.microsoft.com/fwlink/?LinkID=245778

• Security Tools for IT Pros- Ferramentas de Segurança

http://technet.microsoft.com/pt-br/security/cc297183

• KB894199 Description of Software Update Services and Windows Server Update Services changes in

content


• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious

software


September

2013 Non-

Security

Content

Description Classification Deployment

Update for Windows 7 (KB2853952) Update

(Recommended)Site, AU, SUS, Catalog





Update for Windows 8 (KB2876415) Update Site, SUS, Catalog

Update for Windows 7 (KB2574819) Update Site, SUS, Catalog

Update for Windows 7 (KB2868116) Critical Update Site, AU, SUS, Catalog



Windows Malicious Software Removal Tool for Windows 8 - September 2013

(KB890830) Update Rollup Site, AU, SUS, Catalog

Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and

Windows XP x86 (KB2836941)

Update


Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows

7, Server 2008 x86 (KB2836939)

Update


Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86

(KB2836943)

Update


Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2008 SP2

x86 (KB2836945)

Update


Update for Microsoft .NET Framework 3.5 on Windows 8 (KB2836946) Update



MBSA 2.3

Preview

Release


MBSA 2.3 Preview ReleaseMBSA 2.3 preview release adds support for

Windows 8, Windows 8.1, Windows Server 2012,

and Windows Server 2012 R2.

Tool Information

• Windows 2000 will no longer

be supported with this

release.

• The final release of MBSA 2.3

is expected to be available in

Fall 2013.

System Center Configuration Manager OpenBeta Program

The MBSA 2.3 preview release can be downloaded from the System Center Configuration

Manager OpenBeta Program “Connect” Page at:

• See: http://technet.microsoft.com/en-us/security/cc184924

Due to the remaining short product cycle, we will be unable to implement any design change requested

for this release. Please tag design change requests appropriately

Webcast

Português

Outubro

GBS Security Worldwide Programs41

Webcast Português (Externa)

• WEBCAST DE OUTUBRO- CLIENTES

10/OUTUBRO/2013

15:30 Hrs

Brasília

• Blog de Segurança:

http://blogs.technet.com/b/risco/

[email protected]

monthly security bulletin briefing - microsoft · 2017. 1. 30. · cve -2013 3180 cve-2013-1315...

Documents