Microsoft Security Bulletin Summary for June 2013

Number: AV13-022
Date: 11 June 2013

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for June. The summary covers 5 bulletins (1 Critical and 4 Important) that address multiple vulnerabilities in Internet Explorer, the Windows kernel, the Windows TCP/IP driver, the Windows Print Spooler and Microsoft Office.

Assessment

Microsoft has released the following security bulletins:

MS13-047 - Cumulative Security Update for Internet Explorer (2838727)
Details:   The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating:  Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Internet Explorer 6, 7, 8, 9 and 10
CVE References:  CVE-2013-3110, CVE-2013-3111, CVE-2013-3112, CVE-2013-3113, CVE-2013-3114, CVE-2013-3116, CVE-2013-3117, CVE-2013-3118, CVE-2013-3119, CVE-2013-3120, CVE-2013-3121, CVE-2013-3122, CVE-2013-3123, CVE-2013-3124, CVE-2013-3125, CVE-2013-3126, CVE-2013-3139, CVE-2013-3141, CVE-2013-3142
https://technet.microsoft.com/en-ca/security/bulletin/ms13-047

MS13-048 - Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
Details:   The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
The security update addresses the vulnerability by correcting the way that the Windows kernel handles certain page fault system calls.
Maximum Security Impact: Information Disclosure
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows XP Service Pack 3, Windows Server 2003 Service Pack 2, Windows Vista Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 8 for 32-bit Systems, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
CVE References:  CVE-2013-3136
https://technet.microsoft.com/en-ca/security/bulletin/ms13-048

MS13-049 - Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
Details:   The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server.
The security update addresses the vulnerability by correcting the way that the Windows TCP/IP driver handles specially crafted packets.
Maximum Security Impact: Denial of Service
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 32-bit Systems, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References:  CVE-2013-3138
https://technet.microsoft.com/en-ca/security/bulletin/ms13-049

MS13-050 - Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
Details:   The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability.
The security update addresses the vulnerability by correcting how the Windows Print Spooler allocates memory when a printer connection is deleted.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 32-bit Systems, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References:  CVE-2013-1339
https://technet.microsoft.com/en-ca/security/bulletin/ms13-050

MS13-051 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
Details:   The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update addresses the vulnerability by correcting the way that Microsoft Office parses specially crafted Office files.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Microsoft Office 2003 Service Pack 3, Microsoft Office for Mac 2011
CVE References:  CVE-2013-1331
https://technet.microsoft.com/en-ca/security/bulletin/ms13-051

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected products accordingly. Priority should go to MS13-047 (Critical, exploit code likely, browser-reachable) and to the two Important bulletins rated "1 - Exploit code likely" (MS13-050 and MS13-051).
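One way to confirm that the Windows updates from this summary have actually landed on a host, as an added example that is not part of the CCIRC advisory: query the installed-hotfix list for the KB numbers given in parentheses after each bulletin title. The mapping of bulletin to KB is taken from the bulletins above; the function name, the use of Get-HotFix and the assumption of WMI/remote access to each target host are this example's own. MS13-051 is deliberately left out: the Office update is not reported by Get-HotFix (which reads Win32_QuickFixEngineering, i.e. Windows servicing only) and must be verified through the Office product's installed-updates list instead.

```powershell
# Added example, not CCIRC's code. Checks whether the Windows security updates from
# the June 2013 summary are present on one or more hosts using Get-HotFix.
# Assumes the caller has WMI access to any remote host named in -ComputerName.
$bulletinKBs = @{
    'MS13-047' = 'KB2838727'   # Internet Explorer cumulative update (Critical)
    'MS13-048' = 'KB2839229'   # Windows kernel information disclosure
    'MS13-049' = 'KB2845690'   # Windows TCP/IP driver denial of service
    'MS13-050' = 'KB2839894'   # Windows Print Spooler elevation of privilege
    # MS13-051 (Office) is intentionally omitted: Office updates are not listed by Get-HotFix.
}

function Get-June2013BulletinStatus {
    # Hypothetical helper name; returns one object per (host, bulletin) pair.
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    foreach ($computer in $ComputerName) {
        try {
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                         Select-Object -ExpandProperty HotFixID
        } catch {
            # A host that cannot be queried is reported rather than silently skipped,
            # so an unreachable machine is not mistaken for a patched one.
            Write-Warning "Could not query $computer : $_"
            continue
        }

        foreach ($bulletin in ($bulletinKBs.Keys | Sort-Object)) {
            $kb = $bulletinKBs[$bulletin]
            [pscustomobject]@{
                ComputerName = $computer
                Bulletin     = $bulletin
                KB           = $kb
                Installed    = ($installed -contains $kb)
            }
        }
    }
}

# Local host by default; pass -ComputerName 'host1','host2' for a fleet check.
Get-June2013BulletinStatus | Format-Table -AutoSize
```

A KB reported as Installed = False on a host that runs an affected product from the bulletin's list is a gap to remediate; a False on a product the bulletin does not list (for example MS13-048 on a 64-bit system) is expected, since no update was offered there.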

References:
https://technet.microsoft.com/en-ca/security/bulletin/ms13-jun

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that CCIRC's PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
