[SingCERT] Microsoft Security Bulletin Summary for July 2013

Published on Wednesday, 04 September 2013 14:10

[ Summary ]

Microsoft has released 7 security bulletins for the month of July 2013 to address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Office, Visual Studio, Lync, Internet Explorer, and Windows Defender. These vulnerabilities could allow remote code execution or elevation of privilege.

MS13-053 addresses multiple vulnerabilities in kernel-mode drivers. Two of these have been publicly disclosed.

MS13-052 also addresses multiple vulnerabilities, two of which have been publicly disclosed.

  • MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
  • MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
  • MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
  • MS13-055 Cumulative Security Update for Internet Explorer (2846071)
  • MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
  • MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
  • MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)


[ Affected Systems ]

Windows Operating System and Components 

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8 for 64-bit Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2012 (Server Core installation)
  • Windows RT

Microsoft Office Suites and Software

  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)

Microsoft Developer Tools and Software

  • Microsoft Visual Studio .NET 2003 Service Pack 1
  • Microsoft Silverlight 5

Microsoft Communication Platforms and Software

  • Microsoft Lync 2010 (32-bit)
  • Microsoft Lync 2010 (64-bit)
  • Microsoft Lync 2010 Attendee (user level install)
  • Microsoft Lync 2010 Attendee (admin level install)
  • Microsoft Lync 2013 (32-bit)
  • Microsoft Lync Basic 2013 (32-bit)
  • Microsoft Lync 2013 (64-bit)
  • Microsoft Lync Basic 2013 (64-bit)

Microsoft Security Software

  • Windows Defender for Windows 7 (x86)
  • Windows Defender for Windows 7 (x64)
  • Windows Defender when installed on Windows Server 2008 R2 (x64)


[ Impact Analysis ]

Successful exploitation could allow remote code execution or elevation of privilege.


[ Solution/Workaround ]

Updates are available. Users are advised to apply them to their computers to avoid being exploited.


[ References ]

http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
https://technet.microsoft.com/en-us/security/bulletin/ms13-052
https://technet.microsoft.com/en-us/security/bulletin/ms13-053
https://technet.microsoft.com/en-us/security/bulletin/ms13-054
https://technet.microsoft.com/en-us/security/bulletin/ms13-055
https://technet.microsoft.com/en-us/security/bulletin/ms13-056
https://technet.microsoft.com/en-us/security/bulletin/ms13-057
https://technet.microsoft.com/en-us/security/bulletin/ms13-058