Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 25 vulnerabilities that were fixed in 8 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 8 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
Microsoft Internet Explorer is affected by following vulnerabilities. Multiple memory corruption vulnerabilities that exists in the way that Internet Explorer improperly handles objects in memory. An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the website.
This security update is rated Critical for Internet Explorer 6, 7, 8, 9 and 10 on Windows clients and Moderate for Internet Explorer 6, 7, 8, 9 and 10 on Windows servers
Please refer to MS13-080 for details.
Workaround:
1. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
2. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-080 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS13-080 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS13-080 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS13-080 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-080 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-080 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-080 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS13-080 Windows 8 for 64-bit Systems(Internet Explorer 10)
MS13-080 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS13-080 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS13-080 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS13-080 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS13-080 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS13-080 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS13-080 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS13-080 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS13-080 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS13-080 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-080 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-080 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-080 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS13-080 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS13-080 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS13-080 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS13-080 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS13-080 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS13-080 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS13-080 Windows Server 2012(Internet Explorer 10)
MS13-080 Windows Vista Service Pack 2(Internet Explorer 7)
MS13-080 Windows Vista Service Pack 2(Internet Explorer 8)
MS13-080 Windows Vista Service Pack 2(Internet Explorer 9)
MS13-080 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS13-080 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS13-080 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
MS13-080 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 6)
MS13-080 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 7)
MS13-080 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 8)
MS13-080 Windows XP Service Pack 3(Internet Explorer 6)
MS13-080 Windows XP Service Pack 3(Internet Explorer 7)
MS13-080 Windows XP Service Pack 3(Internet Explorer 8)
Microsoft Word does not properly handle objects in memory while parsing specially crafted Office files, allowing remote attackers to execute arbitrary code on the targeted system.
Affected Software:
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-086 Microsoft Office 2003 Service Pack 3(Microsoft Word 2003 Service Pack 3)
MS13-086 Microsoft Office 2007 Service Pack 3(Microsoft Word 2007 Service Pack 3)
MS13-086 Microsoft Office Compatibility Pack Service Pack 3
The kernel is prone to the following vulnerabilities:
- A remote code execution vulnerability exists in the way that Windows parses specially crafted OpenType fonts (OTF). (CVE-2013-3128)
- An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. (CVE-2013-3200)
- An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory.(CVE-2013-3879)
- An elevation of privilege vulnerability exists in the Windows App Container. (CVE-2013-3880)
- An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. (CVE-2013-3881)
- An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.(CVE-2013-3888)
- A remote code execution vulnerability exists in the way that Windows parses specially crafted TrueType fonts (TTF).(CVE-2013-3894)
Microsoft has released a security update that addresses the vulnerabilities by correcting the way the Windows kernel-mode drivers handle objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows except Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
Successful exploitation of these vulnerabilities could allow a local attacker to execute arbitrary code with elevated privileges.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for 32-bit Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 7 for x64-based Systems Service Pack 1
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 32-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows 8 for 64-bit Systems
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 Service Pack 2
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2003 x64 Edition Service Pack 2
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Server 2012
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows Vista x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Professional x64 Edition Service Pack 2
MS13-081 Windows XP Service Pack 3
MS13-081 Windows XP Service Pack 3
MS13-081 Windows XP Service Pack 3
MS13-081 Windows XP Service Pack 3
MS13-081 Windows XP Service Pack 3
MS13-081 Windows XP Service Pack 3
Microsoft .NET Framework is exposed to the following vulnerabilities:
- A remote code execution vulnerability exists in the way that affected components handle specially crafted OpenType fonts (OTF). The vulnerability could allow remote code execution if a user visits a website hosting an XAML Browser Application (XBAP) containing a specially crafted OTF file (CVE-2013-3128).
- A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive (CVE-2013-3860).
- A denial of service vulnerability exists in the .NET Framework that could allow an attacker to cause a server or application to crash or become unresponsive (CVE-2013-3861).
This security update is rated Critical for Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, and Microsoft .NET Framework 4.5 on affected editions of Microsoft Windows; it is rated Important for Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 on affected editions of Microsoft Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-082 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4)
MS13-082 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.5)
MS13-082 Windows 7 for 32-bit Systems Service Pack 1
MS13-082 Windows 7 for 32-bit Systems Service Pack 1
MS13-082 Windows 7 for 32-bit Systems Service Pack 1
MS13-082 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS13-082 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5)
MS13-082 Windows 7 for x64-based Systems Service Pack 1
MS13-082 Windows 7 for x64-based Systems Service Pack 1
MS13-082 Windows 7 for x64-based Systems Service Pack 1
MS13-082 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 32-bit Systems(Microsoft .NET Framework 4.5)
MS13-082 Windows 8 for 64-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 64-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 64-bit Systems(Microsoft .NET Framework 3.5)
MS13-082 Windows 8 for 64-bit Systems(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2003 Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2003 with SP2 for Itanium-based Systems(Microsoft .NET Framework 4)
MS13-082 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2003 x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-082 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
MS13-082 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2012(Microsoft .NET Framework 3.5)
MS13-082 Windows Server 2012(Microsoft .NET Framework 3.5)
MS13-082 Windows Server 2012(Microsoft .NET Framework 3.5)
MS13-082 Windows Server 2012(Microsoft .NET Framework 4.5)
MS13-082 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS13-082 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS13-082 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 4.5)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Vista Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.5)
MS13-082 Windows XP Professional x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows XP Professional x64 Edition Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows XP Professional x64 Edition Service Pack 2(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows XP Professional x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows XP Professional x64 Edition Service Pack 2(Microsoft .NET Framework 4)
MS13-082 Windows XP Service Pack 3(Microsoft .NET Framework 2.0 Service Pack 2)
MS13-082 Windows XP Service Pack 3(Microsoft .NET Framework 3.0 Service Pack 2)
MS13-082 Windows XP Service Pack 3(Microsoft .NET Framework 3.5 Service Pack 1)
MS13-082 Windows XP Service Pack 3(Microsoft .NET Framework 4)
MS13-082 Windows XP Service Pack 3(Microsoft .NET Framework 4)
The vulnerability occurs when the DSA_InsertItem function in the Windows common control library improperly allocates memory for data structures. An unauthenticated remote attacker could exploit the vulnerability by sending a specially crafted request to an affected system. This vulnerability can be exposed only through a vulnerable web application using the DSA_InsertItem function, which accepts an arbitrary user value as an argument.
This security update is rated Critical for all supported 64-bit editions of Microsoft Windows. This security update has no severity rating for Windows RT and for all supported 32-bit editions of Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-083 Windows 7 for 32-bit Systems Service Pack 1
MS13-083 Windows 7 for x64-based Systems Service Pack 1
MS13-083 Windows 8 for 32-bit Systems
MS13-083 Windows 8 for 64-bit Systems
MS13-083 Windows Server 2003 Service Pack 2
MS13-083 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-083 Windows Server 2003 x64 Edition Service Pack 2
MS13-083 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-083 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-083 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-083 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-083 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-083 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-083 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-083 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-083 Windows Server 2012
MS13-083 Windows Server 2012
MS13-083 Windows Vista Service Pack 2
MS13-083 Windows Vista x64 Edition Service Pack 2
MS13-083 Windows XP Professional x64 Edition Service Pack 2
An elevation of privilege vulnerability exists in Microsoft SharePoint Server. The vulnerability is caused when SharePoint Server does not properly protect against a practice known as clickjacking in a SharePoint page. (CVE-2013-3895)
Affected Software:
Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (32-bit versions)
Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (64-bit versions)
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft SharePoint Foundation 2010 Service Pack 1 (wssloc)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft SharePoint Foundation 2010 Service Pack 2 (wssloc)
Microsoft SharePoint Server 2013 (wacserver)
Microsoft SharePoint Server 2013 (pptserver)
This security update is rated Important for supported editions of Microsoft SharePoint Server.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-084 Microsoft Office Web Apps 2010 Service Pack 1(Microsoft Excel Web App 2010 Service Pack 1)
MS13-084 Microsoft Office Web Apps 2010 Service Pack 1(Microsoft Web Applications 2010 Service Pack 1)
MS13-084 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Excel Web App 2010 Service Pack 2)
MS13-084 Microsoft Office Web Apps 2010 Service Pack 2(Microsoft Web Applications 2010 Service Pack 2)
MS13-084 Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)(Excel Services)
MS13-084 Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)(Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (32-bit versions))
MS13-084 Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)(Excel Services)
MS13-084 Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)(Microsoft Windows SharePoint Services 3.0 Service Pack 3 (wssloc) (64-bit versions))
MS13-084 Microsoft SharePoint Server 2010 Service Pack 1(Excel Services)
MS13-084 Microsoft SharePoint Server 2010 Service Pack 1(Microsoft SharePoint Foundation 2010 Service Pack 1 (wssloc))
MS13-084 Microsoft SharePoint Server 2010 Service Pack 1(Word Automation Services)
MS13-084 Microsoft SharePoint Server 2010 Service Pack 2(Excel Services)
MS13-084 Microsoft SharePoint Server 2010 Service Pack 2(Microsoft SharePoint Foundation 2010 Service Pack 2 (wssloc))
MS13-084 Microsoft SharePoint Server 2010 Service Pack 2(Word Automation Services)
MS13-084 Microsoft SharePoint Server 2013(Microsoft SharePoint Server 2013 (pptserver))
MS13-084 Microsoft SharePoint Server 2013(Microsoft SharePoint Server 2013 (wacserver))
MS13-084 Microsoft SharePoint Server 2013(Excel Services)
MS13-084 Microsoft SharePoint Server 2013(Word Automation Services)
Excel is prone to multiple remote code execution vulnerabilities caused by the way that Microsoft Excel handles specially crafted Excel files.
Microsoft has released a security update that addresses the vulnerabilities by correcting the way Microsoft Excel parses and validates data when opening specially crafted Excel files.
This security update is rated Important for all supported editions of Microsoft Excel 2007, Microsoft Excel 2010, Microsoft Excel 2013, Microsoft Excel 2013 RT, and Microsoft Office for Mac 2011. It is also rated Important for supported versions of Microsoft Excel Viewer and Microsoft Office Compatibility Pack.
These vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploits these vulnerabilities could gain the same user rights as the logged-on user.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-085 Microsoft Excel Viewer
MS13-085 Microsoft Office 2007 Service Pack 3(Microsoft Excel 2007 Service Pack 3)
MS13-085 Microsoft Office 2007 Service Pack 3
MS13-085 Microsoft Office 2007 Service Pack 3
MS13-085 Microsoft Office 2010 Service Pack 1 (32-bit editions)(Microsoft Excel 2010 Service Pack 1 (32-bit editions))
MS13-085 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 1 (64-bit editions)(Microsoft Excel 2010 Service Pack 1 (64-bit editions))
MS13-085 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 2 (32-bit editions)(Microsoft Excel 2010 Service Pack 2 (32-bit editions))
MS13-085 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 2 (64-bit editions)(Microsoft Excel 2010 Service Pack 2 (64-bit editions))
MS13-085 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS13-085 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS13-085 Microsoft Office 2013 (32-bit editions)(Microsoft Excel 2013 (32-bit editions))
MS13-085 Microsoft Office 2013 (32-bit editions)
MS13-085 Microsoft Office 2013 (64-bit editions)(Microsoft Excel 2013 (64-bit editions))
MS13-085 Microsoft Office 2013 (64-bit editions)
MS13-085 Microsoft Office Compatibility Pack Service Pack 3
MS13-085 Microsoft Office for Mac 2011
MS13-085
MS13-085
Affected Versions:
Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported releases of Microsoft Windows.
This security update is rated Important.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-087 Microsoft Silverlight 5
MS13-087 Microsoft Silverlight 5
MS13-087 Microsoft Silverlight 5
MS13-087 Microsoft Silverlight 5 Developer Runtime
MS13-087 Microsoft Silverlight 5 Developer Runtime
MS13-087 Microsoft Silverlight 5 Developer Runtime
These new vulnerability checks are included in Qualys vulnerability signature 2.2.548-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.