Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
|Bulletin||Most likely attack vector||Max Bulletin Severity||Max Exploit-ability rating||Likely first 30 days impact||Platform mitigations and key notes|
|Victim browses to a malicious webpage.||Critical||1||Likely to see reliable exploits developed within next 30 days.||17 CVE’s being addressed.|
(win32k.sys and TTF font parsing)
|Most likely to be exploited attack vector requires attacker to already be running code on a machine and then uses this vulnerability to elevate from low-privileged account to SYSTEM.
Additional attack vector involves victim browsing to a malicious webpage that serves up TTF font file resulting in code execution as SYSTEM.
|Critical||1||Public proof-of-concept exploit code currently exists for CVE-2013-3660.||Public EPATHOBJ issue (CVE-2013-3660) addressed by this update.
Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update.
(.NET Framework and Silverlight)
|Victim browses to a malicious Silverlight application hosted on a website.||Critical||1||Likely to see reliable exploits developed within next 30 days.||.NET Framework and Silverlight exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update.|
|Victim opens a malicious TTF file using an application that leverages GDI+ for font parsing.||Critical||1||Likely to see reliable exploits developed within next 30 days.||User-mode (gdiplus.dll) exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update.|
|Victim opens malicious .GIF file using a 3rd-party application that leverages the DirectShow library.||Critical||1||Likely to see reliable exploits developed within next 30 days.||No Microsoft end-user applications are known to be vulnerable to the single CVE being addressed by this update.|
|Victim browses to a malicious webpage or opens a malicious Windows Media file.||Critical||2||Difficult to build a reliable exploit for this issue. Less likely to see an exploit developed within next 30 days.||One CVE being addressed.|
|Attacker having write access to the root of the system drive (C:\) places malicious file that is run as LocalSystem by Windows Defender during its signature update process.||Important||1||Likely to see reliable exploits developed within next 30 days.
Unlikely to see wide-spread infection as low privileged users do not have permission to write to root of system drive by default.
|To exploit the vulnerability addressed by this update, attacker must have permission to create a new file at the root of the system drive. (C:\malicious.exe)|
- Jonathan Ness, MSRC Engineering