September 2013 - Microsoft Releases 14 Security Advisories
Description
Microsoft addresses the following vulnerabilities in its September batch of patches:
- (MS13-067) Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
Risk Rating: Critical
This security update addresses ten vulnerabilities in Microsoft Office Serve, which may allow execution of malware once attacker sends a maliciously crafted content to the affected system. Read more here.
- (MS13-068) Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
Risk Rating: Critical
This security update addresses a vulnerability in MS Outlook that may lead to malware execution once user previews a malicious email message using specific MS Outlook versions. It can also lead to attackers gaining same user rights as current user. Read more here.
- (MS13-069) Cumulative Security Update for Internet Explorer (2870699)
Risk Rating: Critical
This security update addresses ten vulnerabilities in Internet Explorer, the most severe of which may lead to malware execution once user access specific webpages. Read more here.
- (MS13-070) Vulnerability in OLE Could Allow Remote Code Execution (2876217)
Risk Rating: Critical
This security update addresses a vulnerability in MS Windows, which may lead to malware execution once user opens a file containing malicious OLE object. An attacker can also gain same user rights as currently loggedin user.Read more here.
- (MS13-071) Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
Risk Rating: Important
This security update addresses a vulnerability in MS Windows, which may lead to malware execution once attacker convinces user to apply a malicious Windows theme on vulnerable system. Read more here.
- (MS13-072) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
Risk Rating: Important
This security update addresses 13 vulnerabilities in Microsoft Office, which can lead to malware execution once users open a malicious file in a vulnerable system. Read more here.
- (MS13-073) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
Risk Rating: Important
This security update addresses three vulnerabilities in MS Office, which may lead to malware execution once user opens a malicious Office file using affected Excel versions or other MS Office software. Read more here.
- (MS13-074) Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
Risk Rating: Important
This security update addresses three vulnerabilities in MS Office that may lead to malware execution once a user opens a malciious Access file using an affected MS Access version . Read more here.
- (MS13-075) Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
Risk Rating: Important
This security update addresses a reported vulnerability in MS Office IME (Chinese), which may lead to elevation of privileges once attacker is logged in and launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. Read more here.
- (MS13-076) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
Risk Rating: Important
This security update addresses seven vulnerabilities in MS Windows, which may lead to elevation of privilege if a malicious actor logs in the system and runs a malicious application. Read more here.
- (MS13-077) Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
Risk Rating: Important
This security update resolves a vulnerability in MS Windows that can lead to elevation of privilege if an attacker persuades a user to execute a malicious application. Read more here.
- (MS13-078) Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
Risk Rating: Important
This security update addresses a vulnerability in MS FrontPage, which may lead to unwanted data disclosure once user open a malicious FrontPAge document. Read more here.
- (MS13-079) Vulnerability in Active Directory Could Allow Denial of Service (2853587)
Risk Rating: Important
This security update addresses a vulnerability in Active Directory that may result to denial of service if an attacker executes a malicious query to Lightweight Directory Access Protocol (LDAP) service. Read more here.
Information Exposure Rating:
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
MS13-067 | CVE-2013-0081 | 1003835 | Web Server - Microsoft IIS Server Security | 10-Sep-13 | NO |
MS13-067 | CVE-2013-3180 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 10-Sep-13 | NO |
MS13-069 | CVE-2013-3202 | 1005675 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3202) | 13-Sep-13 | YES |
MS13-069 | CVE-2013-3203 | 1005678 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3203) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3204 | 1005681 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3204) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3205 | 1005672 | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3205) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3206 | 1005673 | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3206) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3207 | 1005679 | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3207) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3208 | 1005682 | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3208) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3209 | 1005683 | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3209) | 10-Sep-13 | YES |
MS13-069 | CVE-2013-3845 | 1005674 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3845) | 10-Sep-13 | YES |
MS13-071 | CVE-2013-0810 | 1005677 | Windows Theme File Remote Code Execution Vulnerability (CVE-2013-0810) | 10-Sep-13 | YES |
MS13-078 | CVE-2013-3137 | 1005676 | Identified Download Of XML File With External Entity Reference | 10-Sep-13 | YES |