Today we released seven security bulletins addressing 34 CVEs. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability rating | Likely first 30 days impact | Platform mitigations and key notes |
---|---|---|---|---|---|
MS13-055(Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | 17 CVEs being addressed. |
MS13-053(win32k.sys and TTF font parsing) | Most likely to be exploited attack vector requires attacker to already be running code on a machine and then uses this vulnerability to elevate from low-privileged account to SYSTEM. Additional attack vector involves victim browsing to a malicious webpage that serves up TTF font file resulting in code execution as SYSTEM. | Critical | 1 | Public proof-of-concept exploit code currently exists for CVE-2013-3660. | Public EPATHOBJ issue (CVE-2013-3660) addressed by this update. Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update. |
MS13-052(.NET Framework and Silverlight) | Victim browses to a malicious Silverlight application hosted on a website. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | .NET Framework and Silverlight exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
MS13-054(GDI+) | Victim opens a malicious TTF file using an application that leverages GDI+ for font parsing. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | User-mode (gdiplus.dll) exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
MS13-056(DirectShow) | Victim opens malicious .GIF file using a 3rd-party application that leverages the DirectShow library. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | No Microsoft end-user applications are known to be vulnerable to the single CVE being addressed by this update. |
MS13-057(Windows Media) | Victim browses to a malicious webpage or opens a malicious Windows Media file. | Critical | 2 | Difficult to build a reliable exploit for this issue. Less likely to see an exploit developed within next 30 days. | One CVE being addressed. |
MS13-058(Windows Defender) | Attacker having write access to the root of the system drive (C:\) places malicious file that is run as LocalSystem by Windows Defender during its signature update process. | Important | 1 | Likely to see reliable exploits developed within next 30 days. Unlikely to see widespread infection as low-privileged users do not have permission to write to root of system drive by default. | To exploit the vulnerability addressed by this update, attacker must have permission to create a new file at the root of the system drive. (C:\malicious.exe) |
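The MS13-058 row makes the precondition explicit: the attacker must be able to create a file directly in the root of the system drive. As an added check that is not part of the original post, the PowerShell below lists the ACEs on that root which grant file-creation rights to principals other than the expected administrative ones; the trusted-principal names are an assumption for a default English-locale install and should be adjusted for your environment.

```powershell
# Added check (not from the MSRC post): which principals can create files
# directly in the system drive root, the precondition described for MS13-058.
$root = Join-Path $env:SystemDrive '\'
$acl  = Get-Acl -Path $root

# CreateFiles (same bit as WriteData) is the right needed to drop a new file here
$createFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# Principals expected to hold write on the root by default (assumption, en-US names)
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER')

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    # Inherit-only ACEs apply to children, not to the root folder itself
    if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
    # Note: generic rights (GENERIC_ALL etc.) surface as raw numbers and will not
    # match this bit test; review any such ACE on the root by hand.
    if (($ace.FileSystemRights -band $createFiles) -ne 0) {
        [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Non-administrative principals can create files in $root"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No non-administrative principal can create files directly in $root"
}
```

On a default installation, Authenticated Users hold "create folders" but not "create files" on the root, so this check should report nothing; a finding means a low-privileged account could place the file the bulletin describes and the update should be prioritized accordingly.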
- Jonathan Ness, MSRC Engineering