Today we released eight security bulletins addressing 19 CVEs. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability | Likely first 30 days impact | Platform mitigations and key notes |
---|---|---|---|---|---|
MS13-090 (ActiveX killbit) | Victim browses to a malicious webpage. | Critical | 1 | Expect to continue seeing drive-by-style attacks leveraging CVE-2013-3918. | Addresses the out-of-bounds memory access vulnerability mentioned on the FireEye blog on Friday: http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html. More information about this attack can be found on our blog at http://blogs.technet.com/b/srd/archive/2013/11/12/technical-details-of-the-targeted-attack-using-cve-2013-3918.aspx |
MS13-088 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | |
MS13-089 (Windows GDI) | Victim opens a malicious .WRI file in WordPad. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | This update addresses a vulnerability in converting a BMP to WMF. While the WordPad vector would be only “Important” severity, we believe other attack vectors may exist if third-party applications are installed. Those attack vectors may not require user interaction. Therefore, out of an abundance of caution, we’ve rated this bulletin “Critical”. |
MS13-091 (Word) | Victim opens malicious Word document. | Important | 1 | Likely to see reliable exploits developed within next 30 days. | |
MS13-092 (Hyper-V) | Attacker running code inside a virtual machine can cause bugcheck of host hypervisor system; or potentially execute code in another VM running on same hypervisor system. | Important | 1 | Likely to see reliable denial-of-service exploit developed within next 30 days. | Guest -> Host is denial-of-service (bugcheck). Guest -> Guest has potential for code execution. |
MS13-093 (AFD.sys) | Attacker running code at low privilege runs malicious EXE to reveal kernel memory addresses and contents. | Important | n/a | No chance for direct code execution. Information disclosure only. | Affects only 64-bit systems. Does not affect Windows 8.1. |
MS13-094 (Outlook) | Attacker sends victim S/MIME email that triggers a number of HTTP requests during S/MIME signature validation. Because requests can be sent to an arbitrary host and port, timing differences can reveal to the attacker which hosts and ports are accessible to the victim’s computer. | Important | n/a | No chance for direct code execution. Information disclosure only. | This vulnerability can be leveraged to “port scan” several thousand ports per S/MIME email opened by victim. Signature verification for multiple S/MIME signers in this way will take some time and will block Outlook during the process. |
MS13-095 (Digital signature parsing denial-of-service) | Attacker sends malformed X.509 certificate to web service causing temporary resource exhaustion denial-of-service condition. | Important | n/a | No chance for direct code execution. Denial of service only. | |
- Jonathan Ness, MSRC Engineering