
Secplicity - Security Simplified

Powered by WatchGuard Technologies

SharePoint, Excel, and Word Security Updates

October 8, 2013 By Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Microsoft Office related products, including SharePoint, Word, and Excel
  • How an attacker exploits them: Varies. Typically by enticing users to open or interact with maliciously crafted Office documents
  • Impact: Many. In the worst case, an attacker can gain complete control of your Windows computer
  • What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released three security bulletins that fix five vulnerabilities in SharePoint, Word, and Excel, which are all part of Microsoft’s Office suite of products. We summarize these security bulletins below, in order from highest to lowest severity.

  • MS13-084: Two SharePoint Vulnerabilities

SharePoint Server is Microsoft’s web-based document collaboration and management platform. SharePoint, and some of its related components, suffer from two flaws: a remote code execution vulnerability and a cross-site scripting (XSS) vulnerability. The remote code execution issue is the more severe of the two and involves the way SharePoint handles specially crafted Excel files (it is the same underlying flaw as one of the Excel vulnerabilities described below). If an attacker can entice you to open a specially crafted Excel file from a SharePoint server (or from Excel Services or Office Web Apps), they could leverage this flaw to execute code on your computer with your privileges; if you’re an administrator, the attacker gains total control of your machine. Note that where the crafted file is parsed server-side, by Excel Services or Office Web Apps, the code runs on the SharePoint server itself, in the security context of the service that parsed it, which makes this a server compromise as well as a client one.

These flaws also affect Excel Services, Word Automation Services, and various Office Web Apps.

Microsoft rating: Critical

  • MS13-085: Two Excel Memory Corruption Vulnerabilities

Excel is the popular spreadsheet program that ships with Office. It suffers from two memory corruption vulnerabilities in the way it handles specially crafted spreadsheets. By enticing one of your users to download and open a specially crafted document, an attacker could leverage either flaw to execute code on that user’s computer, with that user’s privileges. If you grant users local administrator privileges, the attacker would gain complete control of their machines. One of these two Excel flaws is identical to the Excel-related flaw in SharePoint described above. These flaws do not affect Excel 2003, but they do affect Excel for Mac.

Microsoft rating: Important

  • MS13-086:  Two Word Memory Corruption Vulnerabilities

Word is the popular word processor that ships with Office. Like Excel, it suffers from two memory corruption vulnerabilities in the way it handles specially crafted Office documents. By enticing one of your users to download and open a specially crafted document, an attacker could leverage either flaw to execute code on that user’s computer, with that user’s privileges. If you grant users local administrator privileges, the attacker would gain complete control of their machines. Unlike the Excel flaws, these only affect Word 2003 and Word 2007; Word for Mac is not affected.

Microsoft rating: Important

Solution Path:

Microsoft has released Office-related patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.

Keep in mind, however, that we highly recommend you test updates before running them in your production environment, especially updates for critical production servers such as SharePoint.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find all of Microsoft’s update links:

  • MS13-084
  • MS13-085
  • MS13-086
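As an added illustration (my own script, not something from the original advisory or from WatchGuard), here is a PowerShell triage script for a single Windows host. It lists the installed Office products together with the bulletin(s) the advisory above says apply to each, then pulls the Office security updates recorded in Windows Update history on or after October 8, 2013, so you can compare them against the KB lists in the bulletins. It deliberately does not hard-code KB numbers, which differ per Office version and live only in the bulletins. The product-to-bulletin mapping is my reading of the advisory’s affected-version statements, and the display-name regular expressions are assumptions about how Office registers itself in the uninstall keys.

```powershell
# Added example, not part of the original advisory: Office patch triage for one Windows host.
# Uses the Windows Update Agent COM API (Microsoft.Update.Session) rather than Get-HotFix,
# because Office updates are not recorded in Win32_QuickFixEngineering.

$PatchTuesday = Get-Date '2013-10-08'

# Installed Office products, read from the per-machine uninstall keys (native and WOW64 views).
# ASSUMPTION: Office products register with a DisplayName starting "Microsoft Office/Excel/Word/SharePoint".
function Get-OfficeProducts {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Microsoft (Office|Excel|Word|SharePoint)' } |
        Select-Object DisplayName, DisplayVersion
}

# Map a product display name to the bulletin(s) the advisory says cover it:
#   SharePoint                     -> MS13-084
#   Excel, except Excel 2003       -> MS13-085
#   Word 2003 and Word 2007 only   -> MS13-086
# Suite installs are expanded from those rules (Office 2007 contains both an affected Excel
# and an affected Word; Office 2010/2013 only an affected Excel; Office 2003 only an affected Word).
function Get-ApplicableBulletins([string]$DisplayName) {
    $b = @()
    if     ($DisplayName -match 'SharePoint') { $b += 'MS13-084' }
    elseif ($DisplayName -match 'Excel')      { if ($DisplayName -notmatch '2003')    { $b += 'MS13-085' } }
    elseif ($DisplayName -match 'Word')       { if ($DisplayName -match '2003|2007')  { $b += 'MS13-086' } }
    elseif ($DisplayName -match 'Microsoft Office\b.*\b2007')        { $b += 'MS13-085', 'MS13-086' }
    elseif ($DisplayName -match 'Microsoft Office\b.*\b(2010|2013)') { $b += 'MS13-085' }
    elseif ($DisplayName -match 'Microsoft Office\b.*\b2003')        { $b += 'MS13-086' }
    return $b
}

# Office security updates the Windows Update Agent has installed since $Since.
function Get-OfficeSecurityUpdatesSince([datetime]$Since) {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return @() }
    $searcher.QueryHistory(0, $count) |
        Where-Object {
            $_.Operation -eq 1 -and                                  # 1 = installation, 2 = uninstallation
            $_.Date -ge $Since -and
            $_.Title -match 'Security Update for Microsoft (Office|Excel|Word|SharePoint)'
        } |
        ForEach-Object {
            $entry = $_
            # OperationResultCode: 2 = Succeeded, 3 = Succeeded with errors, 4 = Failed, 5 = Aborted
            $result = switch ($entry.ResultCode) {
                2 { 'Succeeded' }
                3 { 'SucceededWithErrors' }
                4 { 'Failed' }
                5 { 'Aborted' }
                default { "Code $_" }
            }
            [pscustomobject]@{ Date = $entry.Date; Title = $entry.Title; Result = $result }
        }
}

'== Installed Office products and the bulletin(s) the advisory says apply =='
foreach ($p in Get-OfficeProducts) {
    $bulletins = (Get-ApplicableBulletins $p.DisplayName) -join ', '
    if (-not $bulletins) { $bulletins = 'none of MS13-084/085/086 per the advisory' }
    '{0,-55} {1,-14} {2}' -f $p.DisplayName, $p.DisplayVersion, $bulletins
}

''
'== Office security updates in Windows Update history since {0:yyyy-MM-dd} ==' -f $PatchTuesday
Get-OfficeSecurityUpdatesSince $PatchTuesday | Sort-Object Date | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. Updates installed by hand from downloaded MSP files, or by a deployment tool that bypasses the Windows Update Agent, do not appear in the update history, so an empty second section is a prompt to check the Office Updates dialog or your deployment console rather than proof that the host is unpatched. Likewise, a product listed under a bulletin is only confirmed patched once a succeeded entry for it matches a KB number from that bulletin’s affected-software table.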

For All WatchGuard Users:

WatchGuard’s eXtensible Threat Management (XTM) security appliances can help mitigate the risk of some of these vulnerabilities. The Gateway AntiVirus and Intrusion Prevention services can often block these types of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that detect and block some of these attacks:

  • WEB Microsoft Parameter Injection Vulnerability (CVE-2013-3895)
  • EXPLOIT Microsoft Word Memory Corruption Vulnerability (CVE-2013-3891)

Your XTM appliance should get this new IPS update shortly.

Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

  • Microsoft Security Bulletin MS13-084
  • Microsoft Security Bulletin MS13-085
  • Microsoft Security Bulletin MS13-086

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).



Filed Under: Security Bytes Tagged With: DoS, excel, FrontPage, memory corruption, Microsoft, outlook, RCE, Remote code execution (RCE), sharepoint, Updates and patches, word

Comments

  1. SutoCom says

    October 9, 2013 at 3:21 am

    Reblogged this on Sutoprise Avenue, A SutoCom Source.

    Reply
  2. Tahlia says

    November 15, 2013 at 5:45 pm

    There’s definitely a great deal to know about this issue.
    I really like all the points you have made.

    Reply
  3. 公式 カジュアルシューズ 正規品 says

    November 26, 2013 at 6:45 pm

    I was wondering if you ever thought of changing the layout of your blog?
    It’s very well written; I love what you’ve got to say.

    But maybe you could add a little more in the way of
    content so people could connect with it better. You’ve got an awful lot of text for only having 1 or
    2 images. Maybe you could space it out better?

    Reply
  4. Callum says

    December 6, 2013 at 5:08 pm

    I like it whenever people get together and share ideas.
    Great blog, continue the good work!

    Reply
  5. 新着 ポインテッドトゥ 公式 says

    December 13, 2013 at 7:51 pm

    Continuously I used to read smaller posts which also clear their motive, and that
    is also happening with this article which I am reading at
    this time.

    Reply
  6. Esteban says

    December 21, 2013 at 4:56 pm

    Hi there, I log on to your blog regularly. Your
    story-telling style is witty, keep up the good work!

    Reply
  7. Maryanne says

    December 25, 2013 at 9:31 pm

    I visited many websites, except the audio feature for audio
    songs current at this website is actually fabulous.

    Reply
  8. 上品 スタンドカラージャケット 特価 says

    January 4, 2014 at 11:19 pm

    Greetings from Los Angeles! I’m bored to death at work so I decided to browse your blog
    on my iPhone during lunch break. I enjoy the info you present here and
    can’t wait to take a look when I get home. I’m amazed at how fast your blog loaded
    on my cell phone .. I’m not even using WiFi, just 3G .. Anyhow, excellent blog!

    Reply
  9. travelス salsa air says

    June 25, 2014 at 12:01 am

    Thank you for the good writeup. It in fact
    was an amusement account it. Look advanced to more added agreeable from you!
    However, how could we communicate?

    Reply

The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.
