Today we released eight security bulletins addressing 25 CVEs. Four bulletins have a maximum severity rating of Critical, and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| (ID not in extract) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see continued attacks against both CVE-2013-3893 and CVE-2013-3897. | Addresses two CVEs currently under limited attack and seven CVEs not known to be under attack. |
| (ID not in extract) (win32k.sys and OTF font parsing) | The most likely attack vector requires the attacker to already be running code on the machine; the vulnerability is then used to elevate from a low-privileged account to SYSTEM. An additional attack vector involves the victim browsing to a malicious webpage that serves an OTF font file, resulting in code execution as SYSTEM. | Critical | 1 | Likely to see reliable exploits developed within the next 30 days. | |
| (ID not in extract) | Victim opens a malicious RTF file with an embedded control in either Word or WordPad, resulting in potential code execution in the context of the logged-on user. | Critical | 1 | Likely to see reliable exploits developed within the next 30 days. | ComCtl32 is used in a number of different scenarios. We expect the most likely attack vector is via MSCOMCTL within an Office document. However, we encourage customers to apply the update on all systems to address other attack vectors as well. |
| (ID not in extract) | Victim browses to a malicious XBAP application hosted by an Intranet zone website. | Critical | 2 | Less likely to see a reliable exploit developed for this or other .NET Framework vulnerabilities. | |
| (ID not in extract) | Victim opens a malicious Excel spreadsheet. | Important | 1 | Likely to see reliable exploits developed within the next 30 days. | |
| (ID not in extract) | Victim opens a malicious Word document. | Important | 1 | Likely to see reliable exploits developed within the next 30 days. | Office 2010 and Office 2013 not affected. |
| (ID not in extract) | Attacker sends the victim a link exploiting a Cross-Site Scripting (XSS) vulnerability on an Intranet SharePoint server to which the victim has access rights. When the victim clicks the link, an action is taken automatically on their behalf on the SharePoint server that they otherwise might not have wanted to execute. | Important | 1 | Likely to see reliable exploits developed within the next 30 days. | By default, modern browsers block XSS attacks in Internet Zone sites. |
| (ID not in extract) | Possible to use as a component in a multi-stage attack, as this vulnerability gives the attacker access to memory addresses and/or contents from the same process. | Important | n/a | No potential for direct code execution. | Information disclosure only. |
- Jonathan Ness, MSRC Engineering