[SingCERT] Microsoft Security Bulletin Summary for August 2013

Published on Wednesday, 04 September 2013 15:29

[ Summary ]

Microsoft has released 8 security bulletins for August 2013 to address vulnerabilities in Microsoft Windows, Internet Explorer and Microsoft Exchange Server. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service or information disclosure. MS13-061 is rated Critical because its vulnerabilities allow an attacker to send the organisation an email and get arbitrary code to run on the Exchange server itself. This exploit is also publicly disclosed. MS13-063 is rated Important, as it affects the Windows kernel and is publicly disclosed.

  • MS13-059 Cumulative Security Update for Internet Explorer (2862772)
  • MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
  • MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
  • MS13-062 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
  • MS13-063 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
  • MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
  • MS13-065 Vulnerability in ICMPv6 could allow Denial of Service (2868623)
  • MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)


[ Affected Systems ]

Windows Operating System and Components

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8 for 64-bit Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows RT

Microsoft Server Software

  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010 Service Pack 2
  • Microsoft Exchange Server 2010 Service Pack 3
  • Microsoft Exchange Server 2013


[ Impact Analysis ]

Successful exploitation could allow remote code execution or elevation of privilege.


[ Solution/Workaround ]

Updates are available. Users and administrators are advised to install the updates to prevent their systems from being exploited.


[ References ]

http://technet.microsoft.com/en-us/security/bulletin/ms13-aug
https://technet.microsoft.com/library/security/ms13-059
https://technet.microsoft.com/en-us/security/bulletin/ms13-060
https://technet.microsoft.com/en-us/security/bulletin/ms13-061
https://technet.microsoft.com/library/security/ms13-062
https://technet.microsoft.com/library/security/ms13-063
https://technet.microsoft.com/library/security/ms13-064
https://technet.microsoft.com/en-us/security/bulletin/ms13-065
https://technet.microsoft.com/en-us/security/bulletin/ms13-066