September 2013 - Microsoft Releases 14 Security Advisories

Microsoft addresses the following vulnerabilities in its September batch of patches:

• (MS13-067) Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
  Risk Rating: Critical
  
  

  This security update addresses ten vulnerabilities in Microsoft Office Serve, which may allow execution of malware once attacker sends a maliciously crafted content to the affected system. Read more here.

• (MS13-068) Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
  Risk Rating: Critical
  
  

  This security update addresses a vulnerability in MS Outlook that may lead to malware execution once user previews a malicious email message using specific MS Outlook versions. It can also lead to attackers gaining same user rights as current user. Read more here.

• (MS13-069) Cumulative Security Update for Internet Explorer (2870699)
  Risk Rating: Critical
  
  

  This security update addresses ten vulnerabilities in Internet Explorer, the most severe of which may lead to malware execution once user access specific webpages. Read more here.

• (MS13-070) Vulnerability in OLE Could Allow Remote Code Execution (2876217)
  Risk Rating: Critical
  
  

  This security update addresses a vulnerability in MS Windows, which may lead to malware execution once user opens a file containing malicious OLE object. An attacker can also gain same user rights as currently loggedin user.Read more here.

• (MS13-071) Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
  Risk Rating: Important
  
  

  This security update addresses a vulnerability in MS Windows, which may lead to malware execution once attacker convinces user to apply a malicious Windows theme on vulnerable system. Read more here.

• (MS13-072) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
  Risk Rating: Important
  
  

  This security update addresses 13 vulnerabilities in Microsoft Office, which can lead to malware execution once users open a malicious file in a vulnerable system. Read more here.

• (MS13-073) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
  Risk Rating: Important
  
  

  This security update addresses three vulnerabilities in MS Office, which may lead to malware execution once user opens a malicious Office file using affected Excel versions or other MS Office software. Read more here.

• (MS13-074) Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
  Risk Rating: Important
  
  

  This security update addresses three vulnerabilities in MS Office that may lead to malware execution once a user opens a malciious Access file using an affected MS Access version . Read more here.

• (MS13-075) Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
  Risk Rating: Important
  
  

  This security update addresses a reported vulnerability in MS Office IME (Chinese), which may lead to elevation of privileges once attacker is logged in and launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. Read more here.

• (MS13-076) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
  Risk Rating: Important
  
  

  This security update addresses seven vulnerabilities in MS Windows, which may lead to elevation of privilege if a malicious actor logs in the system and runs a malicious application. Read more here.

• (MS13-077) Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
  Risk Rating: Important
  
  

  This security update resolves a vulnerability in MS Windows that can lead to elevation of privilege if an attacker persuades a user to execute a malicious application. Read more here.

• (MS13-078) Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
  Risk Rating: Important
  
  

  This security update addresses a vulnerability in MS FrontPage, which may lead to unwanted data disclosure once user open a malicious FrontPAge document. Read more here.

• (MS13-079) Vulnerability in Active Directory Could Allow Denial of Service (2853587)
  Risk Rating: Important
  
  

  This security update addresses a vulnerability in Active Directory that may result to denial of service if an attacker executes a malicious query to Lightweight Directory Access Protocol (LDAP) service. Read more here.