Microsoft security alert.
December 10, 2013
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 22 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft GDI+ Remote Code Execution Vulnerability (MS13-096) (KB2896666)
- Severity
- Critical 4
- Qualys ID
- 121569
- Vendor Reference
- MS13-096
- CVE Reference
- CVE-2013-3906
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.
A remote code execution vulnerability exists in the way that affected Windows components and other affected software handle specially crafted TIFF files. The vulnerability could allow remote code execution if a user views TIFF files in shared content.
Affected Software:
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Microsoft Excel Viewer
Microsoft PowerPoint 2010 Viewer Service Pack 1
Microsoft PowerPoint 2010 Viewer Service Pack 2
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2013 (32-bit)
Microsoft Lync Basic 2013 (32-bit)
Microsoft Lync 2013 (64-bit)
Microsoft Lync Basic 2013 (64-bit)
- Consequence
-
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
- Solution
-
Customers are advised to refer MS13-096 for further details.
Workaround:
Disable the TIFF codec Refer to the following link for further details: Microsoft Security Advisory 2896666Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-096 Microsoft Excel Viewer
MS13-096 Microsoft Lync 2010
MS13-096 Microsoft Lync 2010
MS13-096 Microsoft Lync 2010 Attendee
MS13-096 Microsoft Lync 2010 Attendee
MS13-096 Microsoft Lync 2013
MS13-096 Microsoft Lync Basic 2013
MS13-096 Microsoft Office 2003 Service Pack 3
MS13-096 Microsoft Office 2007 Service Pack 3
MS13-096 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS13-096 Microsoft Office Compatibility Pack Service Pack 3
MS13-096 Microsoft PowerPoint 2010 Viewer Service Pack 1
MS13-096 Microsoft PowerPoint 2010 Viewer Service Pack 2
MS13-096 Microsoft Word Viewer
MS13-096 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-096 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-096 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-096 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-096 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-096 Windows Vista Service Pack 2
MS13-096 Windows Vista x64 Edition Service Pack 2
-
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS13-097)
- Severity
- Urgent 5
- Qualys ID
- 100172
- Vendor Reference
- MS13-097
- CVE Reference
- CVE-2013-5045, CVE-2013-5046, CVE-2013-5047, CVE-2013-5048, CVE-2013-5049, CVE-2013-5051, CVE-2013-5052
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
Microsoft Internet Explorer is affected by multiple memory corruption vulnerabilities because it improperly handles objects in memory. An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the website.
This security update is rated Critical for Internet Explorer 6, 7, 8, 9 10 and 11 on Windows clients and Moderate for Internet Explorer 6, 7, 8, 9 and 10 on Windows servers.
- Consequence
- An attacker who successfully exploited these vulnerabilities could execute arbitrary code on affected systems with elevated privileges.
- Solution
-
Please refer to MS13-097 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS13-097 Windows 8 for x64-based Systems(Internet Explorer 10)
MS13-097 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS13-097 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS13-097 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS13-097 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS13-097 Windows Server 2012(Internet Explorer 10)
MS13-097 Windows Server 2012 R2(Internet Explorer 11)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 7)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 8)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 9)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 6)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows XP Service Pack 3(Internet Explorer 6)
MS13-097 Windows XP Service Pack 3(Internet Explorer 7)
MS13-097 Windows XP Service Pack 3(Internet Explorer 8)
-
Windows Digital Signatures Remote Code Execution Vulnerability (MS13-098)
- Severity
- Critical 4
- Qualys ID
- 90931
- Vendor Reference
- MS13-098
- CVE Reference
- CVE-2013-3900
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Windows Authenticode signature verification consists of two primary activities: signature checking on specified objects and trust verification.
A remote code execution vulnerability exists when the WinVerifyTrust function improperly validates the file digest of a specially crafted PE file while verifying a Windows Authenticode signature.
This security update is rated Critical for all supported releases of Windows. QID Detection: (Authenticated) - Windows
This QID checks for registry key - "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2893294\Filelist" or "HKLM\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2893294\Filelist" or "HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2893294\Filelist" and checking for file "%windir%\System32\imagehlp.dll" for vulnerable version. - Consequence
- Successfully exploiting the vulnerability might allow a remote attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
For additional information, please refer to Microsoft Security Bulletin MS13-098.
For latest information, please refer to Released: Jan 21, 2022 Workaround:
Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-098 Windows 7 for 32-bit Systems Service Pack 1
MS13-098 Windows 7 for x64-based Systems Service Pack 1
MS13-098 Windows 8 for 32-bit Systems
MS13-098 Windows 8 for x64-based Systems
MS13-098 Windows 8.1 for 32-bit Systems
MS13-098 Windows 8.1 for x64-based Systems
MS13-098 Windows Server 2003 Service Pack 2
MS13-098 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-098 Windows Server 2003 x64 Edition Service Pack 2
MS13-098 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-098 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-098 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-098 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-098 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-098 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-098 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-098 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-098 Windows Server 2012
MS13-098 Windows Server 2012
MS13-098 Windows Server 2012 R2
MS13-098 Windows Server 2012 R2
MS13-098 Windows Vista Service Pack 2
MS13-098 Windows Vista x64 Edition Service Pack 2
MS13-098 Windows XP Professional x64 Edition Service Pack 2
MS13-098 Windows XP Service Pack 3
-
Microsoft Scripting Runtime Object Library Remote Code Execution Vulnerability (MS13-099)
- Severity
- Critical 4
- Qualys ID
- 90932
- Vendor Reference
- MS13-099
- CVE Reference
- CVE-2013-5056
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
The Microsoft Scripting Runtime Object Library contains objects that are useful for either VBA or script.
This security update resolves a privately reported vulnerability in Microsoft Windows by modifying how the Microsoft Scripting Runtime Object Library handles objects in memory. The vulnerability is caused by memory corruption resulting from the Microsoft Scripting Runtime Object Library improperly handling an object in memory.
This security update is rated Critical.
Affected Versions:
Windows Script 5.6, Windows Script 5.7, and Windows Script 5.8. - Consequence
- The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Refer to MS13-099 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-099 Windows 7 for 32-bit Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows 7 for x64-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows 8 for 32-bit Systems(Windows Script 5.8)
MS13-099 Windows 8 for x64-based Systems(Windows Script 5.8)
MS13-099 Windows 8.1 for 32-bit Systems(Windows Script 5.8)
MS13-099 Windows 8.1 for x64-based Systems(Windows Script 5.8)
MS13-099 Windows Server 2003 Service Pack 2(Windows Script 5.6)
MS13-099 Windows Server 2003 Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2003 with SP2 for Itanium-based Systems(Windows Script 5.6)
MS13-099 Windows Server 2003 with SP2 for Itanium-based Systems(Windows Script 5.7)
MS13-099 Windows Server 2003 x64 Edition Service Pack 2(Windows Script 5.6)
MS13-099 Windows Server 2003 x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Server 2008 for 32-bit Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(Windows Script 5.7)
MS13-099 Windows Server 2008 for Itanium-based Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for x64-based Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(Windows Script 5.7)
MS13-099 Windows Server 2012(Windows Script 5.8)
MS13-099 Windows Server 2012 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Server 2012 R2(Windows Script 5.8)
MS13-099 Windows Server 2012 R2 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Vista Service Pack 2(Windows Script 5.7)
MS13-099 Windows Vista x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows XP Professional x64 Edition Service Pack 2(Windows Script 5.6)
MS13-099 Windows XP Professional x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows XP Service Pack 3(Windows Script 5.7)
-
Microsoft SharePoint Server Remote Code Execution Vulnerability (MS13-100)
- Severity
- Urgent 5
- Qualys ID
- 110230
- Vendor Reference
- MS13-100
- CVE Reference
- CVE-2013-5059
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
A remote code execution vulnerability exists in the way that affected Microsoft Office Services and Web Apps parse content in specially crafted pages.
Affected Software:
Microsoft SharePoint Server 2013 (coreserverloc)
Microsoft SharePoint Server 2010 Service Pack 1-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2010 Service Pack 2-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2013-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2013-Excel Services
Microsoft Office Web Apps 2013-Microsoft Office Web Apps Server 2013This security update is rated Important for supported editions of Microsoft SharePoint Server.
- Consequence
- An attacker who successfully exploits this vulnerability can cause arbitrary code to run in the security context of the W3WP service account.
- Solution
-
Customers are advised to refer to MS13-100.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-100 Microsoft Office Web Apps 2013(Microsoft Office Web Apps Server 2013)
MS13-100 Microsoft SharePoint Server 2010 Service Pack 1(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2010 Service Pack 2(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2013(Excel Services)
MS13-100 Microsoft SharePoint Server 2013(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2013(Microsoft SharePoint Server 2013 (coreserverloc))
-
Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS13-101)
- Severity
- Urgent 5
- Qualys ID
- 90933
- Vendor Reference
- MS13-101
- CVE Reference
- CVE-2013-3899, CVE-2013-3902, CVE-2013-3903, CVE-2013-3907, CVE-2013-5058
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.
The kernel is prone to the following vulnerabilities:
- An elevation of privilege vulnerability exists in the way that the Win32k.sys kernel-mode driver validates address values in memory. (CVE-2013-3899)
- An elevation of privilege vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly handles objects in memory. (CVE-2013-3902)
- A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specifically crafted TrueType font file. (CVE-2013-3903)
- An elevation of privilege vulnerability exists in the way that the Windows audio port-class driver (portcls.sys) handles objects in memory. ( CVE-2013-3907)
- A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory. (CVE-2013-5058)
- An elevation of privilege vulnerability exists in the way that the Win32k.sys kernel-mode driver validates address values in memory. (CVE-2013-3899)
- An elevation of privilege vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly handles objects in memory. ( CVE-2013-3902)
- A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specifically crafted TrueType font file. (CVE-2013-3903)
- An elevation of privilege vulnerability exists in the way that the Windows audio port-class driver (portcls.sys) handles objects in memory. ( CVE-2013-3907)
- A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory. (CVE-2013-5058)
Affected Software:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (server core installation)
Windows Server 2012 R2 (server core installation)This security update is rated Important.
- Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
- Solution
-
Refer to MS13-101 for further information.
Workaround:
Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-101 Windows 7 for 32-bit Systems Service Pack 1
MS13-101 Windows 7 for 32-bit Systems Service Pack 1
MS13-101 Windows 7 for x64-based Systems Service Pack 1
MS13-101 Windows 7 for x64-based Systems Service Pack 1
MS13-101 Windows 8 for 32-bit Systems
MS13-101 Windows 8 for 32-bit Systems
MS13-101 Windows 8 for x64-based Systems
MS13-101 Windows 8 for x64-based Systems
MS13-101 Windows 8.1 for 32-bit Systems
MS13-101 Windows 8.1 for x64-based Systems
MS13-101 Windows Server 2003 Service Pack 2
MS13-101 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-101 Windows Server 2003 x64 Edition Service Pack 2
MS13-101 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-101 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012 R2
MS13-101 Windows Server 2012 R2
MS13-101 Windows Vista Service Pack 2
MS13-101 Windows Vista Service Pack 2
MS13-101 Windows Vista x64 Edition Service Pack 2
MS13-101 Windows Vista x64 Edition Service Pack 2
MS13-101 Windows XP Professional x64 Edition Service Pack 2
MS13-101 Windows XP Service Pack 3
-
Microsoft Windows LRPC Client Privilege Escalation Vulnerability (MS13-102)
- Severity
- Critical 4
- Qualys ID
- 90930
- Vendor Reference
- MS13-102
- CVE Reference
- CVE-2013-3878
- CVSS Scores
- Base 6.9 / Temporal 5.1
- Description
-
Microsoft Local Remote Procedure Call (LRPC) is a component of Microsoft Remote Procedure Call (RPC).
An elevation of privilege vulnerability exists in Microsoft Local Remote Procedure Call (LRPC) where an attacker spoofs an LRPC Server and uses a crafted LPC port message to cause a stack-based buffer overflow condition on the LRPC client.
This security update is rated Important for Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2 and Windows Server 2003 with SP2 for Itanium-based Systems.
- Consequence
-
Successful exploit could allow remote, unauthenticated attackers to execute arbitrary code within the context of another user. If that other user has elevated rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
For additional information, please refer to Microsoft Security Bulletin MS13-102.
Workaround:
Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-102 Windows Server 2003 Service Pack 2
MS13-102 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-102 Windows Server 2003 x64 Edition Service Pack 2
MS13-102 Windows XP Professional x64 Edition Service Pack 2
MS13-102 Windows XP Service Pack 3
-
ASP.NET SignalR Elevation of Privilege Vulnerability (MS13-103)
- Severity
- Serious 3
- Qualys ID
- 121628
- Vendor Reference
- MS13-103
- CVE Reference
- CVE-2013-5042
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
ASP.NET SignalR is a library for ASP.NET developers that simplifies the development of real-time web functionality.
This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.
This security update is rated Important for ASP.NET SignalR versions 1.1.0, 1.1.1, 1.1.2, 1.1.3 and 2.0.0, and all supported editions of Microsoft Visual Studio Team Foundation Server 2013.
- Consequence
- Successfully exploiting the vulnerability might allow a remote attacker reflect specially crafted JavaScript back to the user's browser, which could allow the attacker to modify page content, conduct phishing, or perform actions on behalf of the targeted user.
- Solution
-
For additional information, please refer to Microsoft Security Bulletin MS13-103.
Workaround:
For Windows servers that host web applications using ASP.NET SignalR functionality, turning off the ASP.NET SignalR Forever Frame transport protocol provides temporary protection from the vulnerability.Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-103 ASP.NET SignalR 1.1.x
MS13-103 ASP.NET SignalR 2.0.x
MS13-103 Microsoft Visual Studio Team Foundation Server 2013
-
Microsoft Office Information Disclosure Vulnerability (MS13-104)
- Severity
- Serious 3
- Qualys ID
- 110228
- Vendor Reference
- MS13-104
- CVE Reference
- CVE-2013-5054
- CVSS Scores
- Base 4.3 / Temporal 3.6
- Description
-
An information disclosure vulnerability exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on a malicious website.
This security update is rated Important for supported editions of Microsoft Office 2013 and Microsoft Office 2013 RT software.
- Consequence
-
An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.
- Solution
-
Please refer Microsoft's advisory MS13-104 for more details about patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-104 Microsoft Office 2013 (32-bit editions)
MS13-104 Microsoft Office 2013 (64-bit editions)
-
Microsoft Exchange Server Remote Code Execution Vulnerability (MS13-105)
- Severity
- Critical 4
- Qualys ID
- 74271
- Vendor Reference
- MS13-105
- CVE Reference
- CVE-2013-1330, CVE-2013-5072
- CVSS Scores
- Base 10 / Temporal 7.8
- Description
-
This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version, by enabling machine authentication check (MAC) according to best practices, and by ensuring that URLs are properly sanitized.
This security update is rated Critical.
Affected Versions:
Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and Microsoft Exchange Server 2013. - Consequence
- These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.
- Solution
-
Refer to MS13-105 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-105 Microsoft Exchange Server 2007 Service Pack 3
MS13-105 Microsoft Exchange Server 2010 Service Pack 2
MS13-105 Microsoft Exchange Server 2010 Service Pack 3
MS13-105 Microsoft Exchange Server 2013 Cumulative Update 2
MS13-105 Microsoft Exchange Server 2013 Cumulative Update 3
-
Microsoft Office Shared Component Security Bypass Vulnerability (MS13-106)
- Severity
- Critical 4
- Qualys ID
- 110229
- Vendor Reference
- MS13-106
- CVE Reference
- CVE-2013-5057
- CVSS Scores
- Base 4.3 / Temporal 3.4
- Description
-
This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component.
A security feature bypass exists in an Office shared component that does not properly implement Address Space Layout Randomization (ASLR) when a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer.
This security update is rated Important for supported editions of Microsoft Office 2007 and Microsoft Office 2010 software.
- Consequence
-
Successful exploitation of this issue allows an attacker to use in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.
- Solution
-
Refer to Microsoft's advisory MS13-106 for more details about patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-106 Microsoft Office 2007 Service Pack 3
MS13-106 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 2 (64-bit editions)
These new vulnerability checks are included in Qualys vulnerability signature 2.2.604-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 121569
- 100172
- 90931
- 90932
- 110230
- 90933
- 90930
- 121628
- 110228
- 74271
- 110229
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.