Microsoft Security Bulletin Summary for July 2013

Number: AV13-025
Date: 9 July 2013

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for July. The summary covers 7 bulletins (6 Critical and 1 Important), which address multiple vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS13-052 - Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
Details: The most severe of these vulnerabilities could allow remote code execution if a trusted application uses a particular pattern of code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
CVE References: CVE-2013-3129, CVE-2013-3131, CVE-2013-3132, CVE-2013-3133, CVE-2013-3134, CVE-2013-3171, CVE-2013-3178
https://technet.microsoft.com/en-ca/security/bulletin/ms13-052

MS13-053 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
Details: The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
The security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Microsoft Windows
CVE References: CVE-2013-1300, CVE-2013-1340, CVE-2013-1345, CVE-2013-3129, CVE-2013-3167, CVE-2013-3173, CVE-2013-3660
https://technet.microsoft.com/en-ca/security/bulletin/ms13-053

MS13-054 - Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
Details: The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.
The security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products: Microsoft Windows, Microsoft Office, Microsoft Visual Studio, Microsoft Lync
CVE References: CVE-2013-3129
https://technet.microsoft.com/en-ca/security/bulletin/ms13-054

MS13-055 - Cumulative Security Update for Internet Explorer (2846071)
Details: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update resolves seventeen privately reported vulnerabilities in Internet Explorer.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products: Microsoft Windows, Internet Explorer
CVE References: CVE-2013-3115, CVE-2013-3143, CVE-2013-3144, CVE-2013-3145, CVE-2013-3146, CVE-2013-3147, CVE-2013-3148, CVE-2013-3149, CVE-2013-3150, CVE-2013-3151, CVE-2013-3152, CVE-2013-3153, CVE-2013-3161, CVE-2013-3162, CVE-2013-3163, CVE-2013-3164, CVE-2013-3166
https://technet.microsoft.com/en-ca/security/bulletin/ms13-055

MS13-056 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
Details: The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update resolves a privately reported vulnerability in Microsoft Windows.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Temporary
Affected Products: Microsoft Windows
CVE References: CVE-2013-3174
https://technet.microsoft.com/en-ca/security/bulletin/ms13-056

MS13-057 - Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
Details: The vulnerability could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update resolves a privately reported vulnerability in Microsoft Windows.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating: Critical
Maximum Exploitability Index: 2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index: Temporary
Affected Products: Microsoft Windows
CVE References: CVE-2013-3127
https://technet.microsoft.com/en-ca/security/bulletin/ms13-057

MS13-058 - Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Details: The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
The security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating: Important
Maximum Exploitability Index: 1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products: Microsoft Security Software
CVE References: CVE-2013-3154
https://technet.microsoft.com/en-ca/security/bulletin/ms13-058

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: