• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

One Critical and Four Important Windows Updates

September 10, 2013 By Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: All current versions of Windows
  • How an attacker exploits them: Multiple vectors of attack, including luring users to open malicious files or to run specially crafted programs
  • Impact: In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released five security bulletins describing 11 vulnerabilities in Windows. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these critical updates as quickly as possible.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

  • MS13-070: OLE Code Execution Vulnerability

Object Linking and Embedding (OLE)  is a protocol that allows Windows to handle special compound documents, which contain embedded links to content from other document types, in other formats. OLE suffers from an unspecified object handling vulnerability, involving its inability to properly handle specially crafted OLE objects within documents. By tricking one of your users into opening a specially crafted document, an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, the attacker gains complete control of their machines. All Microsoft Office documents, as well as many third-party files, can contain OLE objects, which attackers can use to exploit this flaw. This flaw only affects Windows XP and Server 2003.

Microsoft rating: Critical

  • MS13-071:  Windows Theme Code Execution Vulnerability

Windows Themes are preconfigured sets of customized settings that provide a specific look, feel, and sound to your Windows desktop. Unfortunately, Windows doesn’t properly handle maliciously crafted theme files. By enticing you to load a specially crafted theme or screensaver file, an attacker can exploit this flaw to execute code on your computer with your privileges. If you’re a administrator, the attacker gains complete control of your computer. This flaw does not affect Windows 7 or 8 systems, nor Server 2012.

Microsoft rating: Important

  • MS13-076: Multiple Kernel-Mode Driver Elevation of Privilege Vulnerabilities

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The kernel-mode driver suffers from several serious code execution flaws. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.

Microsoft rating: Important

  • MS13-077:  Service Control Manager Elevation of Privilege Vulnerabilities

The Service Control Manager (SCM) is a component Windows uses to start and stop various operating system services. It suffers from a specific memory corruption vulnerability called a double free condition, which local attacker could leverage to elevate their privileges. By running a specially crafted program, a local attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials, which significantly reduces the severity of this flaw. Also, the flaw only affects Windows 7 and Server 2008.

Microsoft rating: Important

  • MS13-079:  Active Directory DoS Flaw

Active Directory (AD) provides central authentication and authorization services for Windows computers and typically ships with server versions of Windows. AD suffers from a denial of service (DoS) vulnerability having to do with its inability to properly handle specially crafted LDAP queries. By sending a malicious LDAP query to an AD server, an attacker can exploit this flaw to force the server’s LDAP service to stop responding, putting it into a Denial of Service (DoS) state. However, administrators typically limit LDAP access to their local network, so this vulnerability primarily poses an internal threat. Note: this flaw also affects the AD Lightweight Directory Services (AD LDS), so it affects standard versions of Windows, not just the Server ones.

Microsoft rating: Important

Solution Path:

Microsoft has released various updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you. As always, you should test your updates before deploying them. Especially, server related updates.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

  • MS13-070
  • MS13-071
  • MS13-076
  • MS13-077
  • MS13-079

For All WatchGuard Users:

Though WatchGuard’s XTM appliances offer defenses that can mitigate the risk of some of these flaws (like blocking access to your AD server, or preventing users from downloading theme or screensaver files), attackers can exploit others locally. Since your gateway XTM appliance can’t protect you against local attacks, we recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS13-070
  • Microsoft Security Bulletin MS13-071
  • Microsoft Security Bulletin MS13-076
  • Microsoft Security Bulletin MS13-077
  • Microsoft Security Bulletin MS13-079

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).


What did you think of this alert? Let us know at [email protected].

Share This:

Related

Filed Under: Security Bytes Tagged With: elevation of Privilege, Kernel-mode drivers, Microsoft, OLE, Updates and patches

Comments

  1. John Phillips says

    September 10, 2013 at 6:10 pm

    Sent from my iPhone 5

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • 3CX Supply Chain Attack
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use