Today Microsoft released 5 patches which addressed 23 individual vulnerabilities. Only one patch is identified by Microsoft as “critical” and resolves 19 reported vulnerabilities in Internet Explorer.
Looking over the patches I would like to highlight the following two patches:
MS13-047: This is the bulk of the update consisting of patches for 19 critical vulnerabilities found in versions of Internet Explorer 6 through 10. All versions of Internet Explorer 6 and above, including IE10 on Windows 7 and Windows 8 devices — which include Surface and Surface RT tablets — and Windows Server products, will require patching.
The zero-day flaw in Internet Explorer allows a remote code execution attack, in which a hacker can exploit the flaw to install malicious software on an affected computer.
MS13-051: While our second highlighted patch is only listed as an “important” update by Microsoft, I would argue that for environments with Office 2003 for Windows or Office 2011 for Mac, this should be looked at as a “critical” update. Although user interaction is required in this vulnerability, adversaries have proven time and again that getting a user to open a file is quite easy. According to Microsoft, this vulnerability has already been used in targeted attacks
Customers running Virus Scan Enterprise, Host IPS, and Application Control, or combinations of these endpoint products, were protected proactively from a majority of the identified vulnerabilities. Protections provided by deploying multiple products from our endpoint suites may allow customers to apply patches systematically, rather than immediate.
The other four bulletins are rated “important,” and affect Windows and Office. In all, the 23 individual flaws range from information disclosure, an elevation of user privileges, denial of service attacks, and remote code execution, which can allow malware onto an affected device.
This month’s patches are as follows:
- MS13-047 Cumulative Security Update for Internet Explorer (2838727)
- MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
- MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
- MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
- MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
McAfee’s coverage for this month’s vulnerabilities is as follows:
- McAfee VirusScan’s buffer overflow protection is expected to provide proactive protection against exploits of 20 out of 23 vulnerabilities this month.
- McAfee Host Intrusion Prevention is expected to provide protection against exploits of 20 out of 23 vulnerabilities this month.
- McAfee Application Control is expected to provide protection against exploits of 20 out of 23 vulnerabilities this month.
- McAfee’s Network Security Platform has new signatures confirmed to protect exploits of 12 out of 23 vulnerabilities this month.
- McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.
Aggregate coverage (combining host and network-based countermeasure together) is 21 out of 23. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.
Finally, in case you’re interested, these briefings are archived on the McAfee Community site.