November 2013 - Microsoft Releases 8 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its October batch of patches:
- (MS13-088) Cumulative Security Update for Internet Explorer (2888505)
Risk Rating: Critical
This security update resolves ten reported vulnerabilities in Internet Explorer. A successful exploit may allow an attacker to execute malware once a user views a malicious webpage in Internet Explorer.
- (MS13-089) Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
Risk Rating: Critical
This security update addresses a vulnerability in Microsoft Windows, which can lead to remote execution of malware once users open a specially crafted Windows Write file in WordPad.
- (MS13-090) Cumulative Security Update of ActiveX Kill Bits (2900986)
Risk Rating: Critical
This security update resolves a reported vulnerability which may lead to remote malware execution if a user visits a maliciously crafted website.
- (MS13-091) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
Risk Rating: Important
This security update resolves three reported vulnerabilities in Microsoft Office, which may allow remote execution of malware if a user opens a maliciously crafted WordPerfect file in an affected version of Microsoft Office.
- (MS13-092) Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. It may lead to denial of service if an attacker passes a specially crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor.
- (MS13-093) Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows, which may allow information theft if an attacker logs on to an affected system as a local user and runs malware crafted to steal information. The attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
- (MS13-094) Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Outlook. It may result in information theft if a user opens or previews a malicious email using an affected version of Outlook.
- (MS13-095) Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows that could result in denial of service when an affected web service processes a malicious certificate.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
MS13-088 | CVE-2013-3871 | 1005705 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3908 | 1005784 | Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3910 | 1005778 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3911 | 1005781 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3912 | 1005782 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3914 | 1005774 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3915 | 1005775 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3916 | 1005777 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3917 | 1005773 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917) | 12-Nov-13 | YES |
MS13-089 | CVE-2013-3940 | 1005783 | Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) | 12-Nov-13 | YES |
MS13-090 | CVE-2013-3918 | 1005779 | Microsoft Internet Explorer ActiveX Control Code Execution Vulnerability (CVE-2013-3918) | 12-Nov-13 | YES |
MS13-090 | CVE-2013-3918 | 1005785 | Restrict Information Card Signin Helper ActiveX Control | 12-Nov-13 | YES |
MS13-091 | CVE-2013-1324 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |
MS13-091 | CVE-2013-1325 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |