Today we released thirteen security bulletins addressing 47 CVEs. Four bulletins have a maximum severity rating of Critical, while the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS13-069 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS13-068 (Outlook) | Victim views or previews email having a large number of embedded S/MIME certificates. | Critical | 2 | Unlikely to see reliable exploit code within 30 days. | We've written a blog post describing the difficulty attackers would have in exploiting this for code execution: http://blogs.technet.com/b/srd/archive/2013/09/10/ms13-068-a-difficult-to-exploit-double-free-in-outlook.aspx |
| MS13-067 (SharePoint) | Attacker engaged in a session with victim SharePoint server tampers with the viewstate value used to maintain state, potentially resulting in code execution server-side. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | By default, SharePoint requires users (including attackers) to authenticate. This is not a pre-authentication vulnerability unless the SharePoint server is configured to not require authentication. |
| MS13-070 (OLE32) | Victim opens malicious Visio file. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | Most likely to be exploited via the Visio attack vector, but the vulnerability is also reachable via the shell (Explorer) preview functionality. |
| MS13-072 (Word) | Victim opens malicious Word document. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | Office 2013 not affected. |
| MS13-073 (Excel) | Victim opens malicious Excel spreadsheet. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS13-074 (Access) | Attacker lures victim into double-clicking a malicious Access database (.accdb). | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS13-076 (win32k.sys) | Attacker who is already running code on a machine uses this vulnerability to elevate from a low-privileged account to SYSTEM. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS13-079 (Active Directory) | Attacker sends malicious LDAP request to a domain controller, resulting in a denial of service condition. | Important | n/a | Denial of service only. | |
| MS13-071 (Windows Theme) | Attacker lures victim into double-clicking a malicious .theme file. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | Does not affect Windows 7 or later platforms. |
| MS13-075 (IME) | Attacker who is already running code on a machine uses this vulnerability to elevate from a low-privileged account to SYSTEM. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
| MS13-077 (Windows Service Control Manager) | Attacker able to modify the registry on a system uses this vulnerability to elevate from a low-privileged account to SYSTEM. | Important | 2 | Less likely to see reliable exploits developed within next 30 days. | |
| MS13-078 (FrontPage) | Victim opens malicious XML document in FrontPage, leading to information disclosure. | Important | n/a | Information disclosure only. | |
– Jonathan Ness, MSRC Engineering