Microsoft releases critical fixes for IE and Exchange Server
Posted on 13 August 2013.
There's a remotely exploitable, publicly disclosed, critical remote code execution vulnerability in Microsoft Exchange (MS13-061)! But wait, is it really remotely exploitable? Well, not in the sense that user interaction is not required; it's a parser issue that is only triggered by a user opening a malicious message in Outlook Web Access (OWA).

Okay, but it's still publicly disclosed, right? I mean this is out there? The bad guys have it, right? Well, not exactly. It's public in the sense that this vulnerability is in a third-party component (Oracle's, to be precise) which has already been patched by the "upstream" vendor. There have been no reports of active exploitation in the wild.

Well, fine then. It's still MS Exchange, right? Yes, sure, it is still an Exchange issue and odds are you have that in your organization. You might even have some people who routinely use OWA. You should patch this in your next maintenance window.

Also important, critical even, in this month's collection is the mandatory IE patch rollup (MS13-059), featuring a fix for one of the 2013 Pwn2Own winners. That's only a 5-month turnaround for a fix, fast by MS standards. The other critical this month is MS13-060, which is a flaw in Unicode text parsing. A user would have to be induced to open a malicious file, and this only affects Windows XP and 2003. Both of these issues should be patched ASAP.

Perhaps the most genuinely interesting vulnerability this month is MS13-062, which is reported as an Elevation of Privilege because it's a post-authentication issue in RPC. Microsoft has described this as extremely difficult to exploit, which I can only assume is a challenge to exploit writers everywhere to prove them wrong.

There's also a mixed bag of privilege elevation and denial of service issues, and one information disclosure. You shouldn't ignore these, but don't lose additional sleep over them. MS13-064 only affects Server 2012 performing NAT, and is limited to exploitation from the local network, but is a persistent DoS (server restart required to clear). If you're in the business of securing networks and those are your biggest concerns, then you are doing far better than most... Assuming you have confidence that Microsoft has the best exploit writers in the world and no one out there can figure out how to turn that DoS into code execution.


Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.





COPYRIGHT 1998-2014 BY HELP NET SECURITY.