
Microsoft Patch Tuesday – September 2013


Yes, it is that time of the month again. Microsoft has released 13 bulletins (4 critical) covering 47 CVEs (1 of them publicly disclosed). We encourage customers to refer to the notification for additional information.

To share the highlights with our readers, I would first like to draw attention to the regular Internet Explorer (IE) cumulative update bulletin, MS13-069. IE vulnerabilities are rapidly included in widely spread exploit kits, so this patch should be a top priority.

Another is MS13-068, which patches one vulnerability in MS Outlook. It can be triggered when the user views or even previews an email with a large number of embedded S/MIME certificates. Although a reliable exploit is not likely, new and surprising exploit code is seen every now and then, so this is something that should be patched ASAP as well.

Now for the server side: MS13-067 addresses four vulnerabilities (1 RCE, 2 privilege escalation and 1 DoS). One of these is CVE-2013-3180, a cross-site scripting vulnerability that can be used for privilege escalation and has been publicly disclosed as well.

Other than these, we have kernel and MS Office patches as well; both of these attack vectors have been exploited in the past in targeted and non-targeted attacks.

That’s it for the highlights, let’s get patching…
