SpiderLabs Blog

Microsoft Patch Tuesday, July 2013 - CRITICAL

This is probably one of the most important Patch Tuesdays we have seen in quite some time. While it is not the biggest Patch Tuesday, either in bulletins or in CVEs, there is a very high number of critical issues this month, and they are present in very popular products. Of the six Critical Remote Code Execution issues, Microsoft thinks five will most likely be exploited. The remaining one, MS13-057, may be exploited, but Microsoft says it would be pretty difficult, and with five other relatively easy ones, why bother with the hard one? The severity of this month's vulnerabilities and their ease of exploitation really make it important for users to update this month. Especially for those folks who tend to put things off or let updates pile up for several months in a row, this is not a month to let things slide until you get around to it. While none of these have yet been seen in the wild, it will not be long (days? hours?) before bad guys develop and deploy exploits for at least some of these vulnerabilities.

MS13-052 (KB2861561)

CRITICAL

Remote Code Execution in .NET

CVE-2013-3129 CVE-2013-3131 CVE-2013-3132 CVE-2013-3133 CVE-2013-3134 CVE-2013-3171 CVE-2013-3178

This bulletin has to fix quite a bit, including how the .NET Framework handles multidimensional arrays of small structures, validates the permissions of objects performing reflection, allocates object arrays, and addresses partial trust vulnerabilities, among other things. There is so much in it that you may be offered multiple updates, depending on which versions you have installed.


MS13-053 (KB2850851)

CRITICAL

Remote Code Execution in Kernel Mode Drivers

CVE-2013-1300 CVE-2013-1340 CVE-2013-1345 CVE-2013-3129 CVE-2013-3167 CVE-2013-3172 CVE-2013-3173 CVE-2013-3660

Most of these CVEs have to do with memory handling issues in Win32k.sys. Most result in non-critical elevation of privilege, but some, like CVE-2013-3129 (see below), can result in remote code execution, which gives the entire bulletin a Critical rating.


MS13-054 (KB2848295)

CRITICAL

Remote Code Execution in GDI+

CVE-2013-3129

GDI+ is the Graphics Device Interface for 2D vector graphics (yeah, I had to look it up too). Windows, Office, Visual Studio, and Lync often use it to render TrueType fonts. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in kernel mode, which would basically mean game over. A specially crafted web page, a specially crafted document file, or a specially crafted application could all be used to take advantage of this issue.

You may notice that CVE-2013-3129 is listed in three different bulletins: MS13-052, MS13-053 and MS13-054. TrueType parsing vulnerabilities can be nasty and often impact multiple products, as this one does. MS13-052 covers .NET and Silverlight, MS13-053 deals with the kernel mode drivers, and MS13-054 takes care of the rest.


MS13-055 (KB2846071)

CRITICAL

Remote Code Execution in Internet Explorer

CVE-2013-3115 CVE-2013-3143 CVE-2013-3144 CVE-2013-3145 CVE-2013-3146 CVE-2013-3147 CVE-2013-3148 CVE-2013-3149 CVE-2013-3150 CVE-2013-3151 CVE-2013-3152 CVE-2013-3153 CVE-2013-3161 CVE-2013-3162 CVE-2013-3163 CVE-2013-3164 CVE-2013-3166

That's seventeen CVEs in the list above; sixteen of them are rated Critical. If you only apply one patch, it should definitely be this one. Of course, if you only apply one of the seven patches this month, you might want to make an appointment with your local psychotherapist. The most severe of these CVEs could allow remote code execution via a specially crafted web page viewed in Internet Explorer. It doesn't matter which version: Internet Explorer 6, 7, 8, 9, and 10 are all impacted. Most of these vulnerabilities are memory corruption issues, and one is a cross-site scripting issue.


MS13-056 (KB2845187)

CRITICAL

Remote Code Execution in DirectShow

CVE-2013-3174

Funny animated GIFs have become a popular way for users to spread internet memes. Unfortunately, an issue in DirectShow could lead to remote code execution the next time someone sends around a specially crafted cat GIF. What makes this even worse is that the GIF file could be hosted on a website, meaning the attacker only needs to convince a user to click on a link, or to get their specially crafted graphic file onto a website they know the user will visit. This could be done by compromising the website or, more likely, by simply buying some advertising on the site. About the only good thing here is that Microsoft has not yet seen this one being used in the wild, so if you apply the patch now you should be OK.


MS13-057 (KB2847883)

CRITICAL

Remote Code Execution in Windows Media

CVE-2013-3127

If you are running an Itanium-based Windows Server, consider yourself lucky: this vulnerability is not rated Critical for you. For everyone else, however, a specially crafted media file could allow a bad guy to do nasty things on your system. Of course, if you are not logged in as an Administrator, you can greatly reduce the harm an attacker can do when they compromise your system with this or any other vulnerability, so be sure to restrict your normal everyday account and have a separate account that can be used for administrative duties.


MS13-058 (KB2847927)

IMPORTANT

Elevation of Privilege in Windows Defender

CVE-2013-3154

I always consider it a little bit ironic when security software itself has a security vulnerability. At least this month the issue isn't a Critical one like all the others this Patch Tuesday. An issue with the path names used by Windows Defender, which is Microsoft's anti-spyware software, could allow an attacker who has valid login credentials to elevate his privilege level.
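As an added example (not code from the original post), the following PowerShell checks a host for the seven KB articles listed in the bulletins above using the built-in Get-HotFix cmdlet; it assumes PowerShell 3.0 or later, and the MS13-052 caveat reflects the note above that that bulletin may arrive as several separate updates.

```powershell
# Added example, not part of the original SpiderLabs post.
# Reads the installed-updates list once via Get-HotFix and reports which of the
# July 2013 bulletin KBs are present on this host.
# Caveat from the post: MS13-052 (.NET) may be delivered as several component
# updates with their own KB numbers, so a "missing" result for KB2861561 means
# "verify manually in Windows Update history", not necessarily "unpatched".
$bulletins = [ordered]@{
    'MS13-052' = 'KB2861561'   # .NET Framework / Silverlight (umbrella KB)
    'MS13-053' = 'KB2850851'   # Kernel-mode drivers (Win32k.sys)
    'MS13-054' = 'KB2848295'   # GDI+ (TrueType font parsing)
    'MS13-055' = 'KB2846071'   # Internet Explorer cumulative update
    'MS13-056' = 'KB2845187'   # DirectShow (GIF handling)
    'MS13-057' = 'KB2847883'   # Windows Media
    'MS13-058' = 'KB2847927'   # Windows Defender
}

# One query for the whole installed-hotfix list rather than one per KB.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

$report = foreach ($entry in $bulletins.GetEnumerator()) {
    [pscustomobject]@{
        Bulletin  = $entry.Key
        KB        = $entry.Value
        Installed = ($installed -contains $entry.Value)
    }
}

$report | Format-Table -AutoSize

# Summarise anything not found so the host can be queued for patching.
$missing = @($report | Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} of {1} July 2013 bulletin KBs not found: {2}" -f `
        $missing.Count, $report.Count, (($missing | ForEach-Object { $_.KB }) -join ', '))
}
```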
