Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability rating | Likely first 30 days impact | Platform mitigations and key notes |
| --- | --- | --- | --- | --- | --- |
| MS13-055 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | 17 CVEs being addressed. |
| MS13-053 (win32k.sys and TTF font parsing) | Most likely to be exploited attack vector requires attacker to already be running code on a machine and then uses this vulnerability to elevate from a low-privileged account to SYSTEM. Additional attack vector involves victim browsing to a malicious webpage that serves up a TTF font file, resulting in code execution as SYSTEM. | Critical | 1 | Public proof-of-concept exploit code currently exists for CVE-2013-3660. | Public EPATHOBJ issue (CVE-2013-3660) addressed by this update. Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-052 (.NET Framework and Silverlight) | Victim browses to a malicious Silverlight application hosted on a website. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | .NET Framework and Silverlight exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-054 (GDI+) | Victim opens a malicious TTF file using an application that leverages GDI+ for font parsing. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | User-mode (gdiplus.dll) exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-056 (DirectShow) | Victim opens a malicious .GIF file using a third-party application that leverages the DirectShow library. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | No Microsoft end-user applications are known to be vulnerable to the single CVE being addressed by this update. |
| MS13-057 (Windows Media) | Victim browses to a malicious webpage or opens a malicious Windows Media file. | Critical | 2 | Difficult to build a reliable exploit for this issue. Less likely to see an exploit developed within next 30 days. | One CVE being addressed. |
| MS13-058 (Windows Defender) | Attacker having write access to the root of the system drive (C:\) places a malicious file that is run as LocalSystem by Windows Defender during its signature update process. | Important | 1 | Likely to see reliable exploits developed within next 30 days. Unlikely to see widespread infection, as low-privileged users do not have permission to write to the root of the system drive by default. | To exploit the vulnerability addressed by this update, the attacker must have permission to create a new file at the root of the system drive (C:\malicious.exe). |
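The MS13-058 row rests on one precondition: only a principal that can create a file directly in the root of the system drive can stage the payload Windows Defender would run as LocalSystem, and by default low-privileged users cannot. The following PowerShell is an added example, not part of the MSRC post, that checks that assumption on a given machine by reading the root folder's ACL and reporting any principal outside an assumed trusted set that holds the CreateFiles (WriteData) right on the folder itself. The function name, parameter names and the trusted-principal list are this example's own choices.

```powershell
# Added example (not from the MSRC post): report ACEs on the root of the system
# drive that let a principal other than the usual high-privilege ones create
# files in that folder. MS13-058 needs exactly that permission (creating a file
# such as C:\malicious.exe), which the bulletin notes low-privileged users lack
# by default; this verifies that on the local machine. Names are hypothetical.
function Get-SystemDriveRootFileCreators {
    [CmdletBinding()]
    param(
        # Folder to inspect; defaults to the root of the system drive (C:\ on most installs).
        [string]$Path = "$env:SystemDrive\",
        # Principals expected to hold write rights on the system drive root (assumed set).
        [string[]]$TrustedPrincipals = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            'CREATOR OWNER',
            'NT SERVICE\TrustedInstaller'
        )
    )

    # CreateFiles is the WriteData right on a directory: the right to add a file to it.
    $createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    # InheritOnly ACEs apply to children only, never to the folder carrying them.
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        # The default C:\ ACL gives BUILTIN\Users WriteData on subfolders only (inherit-only),
        # which grants nothing on the root itself, so such ACEs are skipped rather than flagged.
        if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band [int]$createFiles) -eq 0) { continue }
        if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }

        [pscustomobject]@{
            Path      = $Path
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Usage: no output objects means only the trusted principals can create files at the root.
$findings = Get-SystemDriveRootFileCreators
if ($findings) {
    Write-Warning "Principals able to create files at the root of $env:SystemDrive (MS13-058 precondition):"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "Only trusted principals can create files at the root of $env:SystemDrive; the default restriction the bulletin relies on is in place."
}
```

Run it in an elevated or a standard PowerShell session; Get-Acl on the drive root needs only read access to the security descriptor. Any principal it reports (for example Everyone or BUILTIN\Users added by a hardening regression, imaging script or application installer) removes the "unlikely to see widespread infection" mitigation for this bulletin on that machine, which argues for deploying MS13-058 on it with the Critical-rated updates rather than later.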
– Jonathan Ness, MSRC Engineering