Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers – is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Patch Tuesday, June 2013

Finally, patch Tuesday has arrived and fortunately this one will be a real treat. This release should be a breeze with only five (5) bulletins, which only one of these being critical. Some of these bulletins might not affect you if you are running a Windows 64-bit system (such as MS13-048) or running an unaffected version of Microsoft Office (MS13-051). So I'm expecting the update process will go fairly quickly, so no need to wait to perform these security updates before bed time or during lunch. But of-course there is no guarantees. However, I would 'Just do it' as the Nike slogan says. But, there is always the exception if your running a critical application on a Windows Server where you need to schedule a time-window to get security updates installed, but this shouldn't be a big deal. Without further ado, let's jump into these bulletins.

Win7_update

MS13-047 (KB2838727)

CRITICAL

Remote Code Execution in Internet Explorer

CVE-2013-3110, CVE-2013-3111, CVE-2013-3112, CVE-2013-3113, CVE-2013-3114, CVE-2013-3116, CVE-2013-3117, CVE-2013-3118, CVE-2013-3119, CVE-2013-3120, CVE-2013-3121, CVE-2013-3122, CVE-2013-3123, CVE-2013-3124, CVE-2013-3125, CVE-2013-3139, CVE-2013-3141, CVE-2013-3142

It is rare of having only one bulletin in an entire release that contains more than one CVE. However, it is also unusual for one bulletin having at least eighteen of them. Similar to last month, Internet Explorer is plagued with more critical vulnerabilities, which appear to be caused from memory corruption issues. Many of the CVEs appear to suffer from use-after-free vulnerabilities, which could allow arbitrary code to be executed and/or cause denial of service conditions. However, there are many CVEs in here that can result in remote code execution, which is definitely something to worry about especially when it affects a browser. Traditionally, we've seen exploit kits, such as the Blackhole Exploit Kit to implement exploits that target IE vulnerabilities. Fortunately, none of these appear to be added quite yet.

MS13-048 (KB2839229)

IMPORTANT

Windows Kernel Information Disclosure Vulnerability

CVE-2013-3136

This bulletin patches one (1) CVE for an information disclosure in a Windows kernel. In order for the attacker to exploit this vulnerability, this individual would need sufficient access to execute a malicious application, or this individual might use various social engineering techniques to trick a privileged user to execute a malicious program. Its a no-brainer that if the attacker succeeds in this attempt, you have bigger problems then disclosing information about the system, such as gaining additional privileges or injecting a shell. Fortunately, this vulnerability will not result in escalation of privileges or remote code execution conditions. Additionally, this vulnerability only exists in x86 Windows systems up to Windows 7.


MS13-049 (KB2845690)

IMPORTANT

TCP/IP Integer Overflow Vulnerability

CVE-2013-3138

Similar to the last vulnerability, this also just contains one (1) CVE. This vulnerability is based on how the Windows TCP/IP driver handles certain specially crafted packets. If this vulnerability is left unpatched, an attacker could potentially send specially crafted packets to a server in order to cause denial of service conditions. Since it requires these malicious crafted packets to be transmitted over a network, technologies, such as Intrusion Detection System (IDS) with proper signatures will be able to detect this vulnerability. Additionally, this vulnerability does not affect certain older versions of the Windows operating system, such as Windows XP SP3 and Windows Server 2003 SP2.


MS13-050 (KB2839894)

IMPORTANT

Print Spooler Vulnerability

CVE-2013-1339

This appears to be a use-after-free vulnerability based on a memory corruption flaw for how Window deletes printer spooler connections. The attacker would need to be authenticated to the system in order to exploit this vulnerability. However, this vulnerability could be potentially useful for gaining escalated privileges to the system. Someone developing an exploit for this vulnerability is very likely since it wouldn't be terribly difficult. However, this one doesn't result in remote code execution so there are bigger fish to fry.


MS13-051 (KB2839571)

IMPORTANT

Office Buffer Overflow Vulnerability

CVE-2013-1331

Microsoft Office 2003 SP3 and/or Microsoft for Mac 2011 users should pay particularly close attention to this vulnerability since an attacker could specially craft an office document that could potentially allow remote code execution conditions. This includes a user viewing a specially crafted email message in Outlook. This vulnerability could especially be risky for those users who always login under an administrator privilege account since this exploit could be used for escalated privileges.

On that note, its best to use the Least-Privileged User Account (LUA) approach to alleviate some of these risks. Additionally, if you're a Mac Office user, don't forget to update too. When the security updates come available, Mac users can update Office by selecting "Software Update..." in the operating system. As always, Windows users can download these updates from the Microsoft Download Center or simply ensure that the automatic security update feature is enabled.

That's all folks. Thanks again for listening. Hopefully, you've enjoyed this one and you will look forward to another exciting patch Tuesday release for next month.

Recent SpiderLabs Blog Posts