This month marks the tenth anniversary of Patch Tuesday. It
doesn’t really seem like it’s been that long. It feels like only yesterday I
was a network admin scrambling at the drop of a hat when Microsoft would
release a critical security update without warning. It’s hard to imagine that
chaos now, as we’ve grown accustomed to our monthly barrage of security
bulletins and security updates on the second Tuesday of each month.

October has fewer security bulletins than the massive
September Patch Tuesday, but there are still a fairly hefty eight security
bulletins this month. They are split evenly with four rated as Critical by
Microsoft, and the remaining four considered merely Important.

The one that easily stands out from the rest as the most
urgent of the bunch is MS13-080. It is the cumulative security update for
Internet Explorer, which seems to be a monthly fixture now, but this one is
more crucial than normal because it patches not one, but two separate
vulnerabilities that are currently being exploited in the wild.

This blog post is also available in PDF
format in a TechRepublic Download.

Security Patches

This month’s eight security bulletins address
vulnerabilities in Internet Explorer, Windows, Microsoft Office, and Microsoft
Server software.

MS13-080 / KB2879017 – Cumulative Security Update for Internet Explorer

MS13-080 is a critical, must-patch-as-soon-as-possible
update. It applies to all supported versions of Internet Explorer, and resolves
ten separate security flaws in the browser. The real reason that this update is
so urgent, though, is that two of the vulnerabilities are being actively
exploited in the wild. The most severe vulnerabilities could allow
an attacker to execute code remotely on the vulnerable system just by luring
the user to view a specially-crafted malicious website. Microsoft released a
Fix-It tool to guard against one of the zero-day exploits, and there was
speculation that Microsoft may even release an out-of-band patch before the
Patch Tuesday cycle to address the issue, but the volume of attacks never
reached a point concerning enough to warrant the rushed update.

MS13-081 / KB2870008 – Vulnerabilities in Windows Kernel-Mode
Drivers Could Allow Remote Code Execution

MS13-081 is also rated as Critical. It addresses seven
different vulnerabilities in Microsoft Windows. A couple of the flaws are
related to how the Windows kernel handles font files. This update applies to
all versions of the Windows operating system except for the most current:
Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. An attacker can
compromise a system and gain complete control of the affected system by getting
a user to view content with embedded OpenType or TrueType font files. Sadly,
it’s not difficult to con users into opening a malicious file attachment, so
it’s important to apply this patch as soon as possible.

MS13-082 / KB2878890 – Vulnerabilities in .NET Framework Could
Allow Remote Code Execution

This security bulletin takes care of three flaws in the .NET
Framework. Two are denial of service flaws, but the third – and most dangerous
of the three – is an extension of the OpenType font-parsing vulnerability from
MS13-081. Again, an attacker could potentially gain complete control of an
affected system by luring users to visit a malicious XAML browser application
that exploits the font-parsing flaw.

MS13-083 / KB2864058 – Vulnerabilities in Windows Common
Control Library Could Allow Remote Code Execution

MS13-083 deals with a vulnerability in a shared DLL file,
Comctl32.dll. All versions of Microsoft Windows are impacted by this flaw
except Windows XP SP3, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.
The issue itself is a memory corruption flaw that can be triggered by an
integer overflow in the shared library. There are no Microsoft products that
directly expose this flaw to attack, but a wide variety of third-party
applications use and rely on this DLL, so it may be more urgent for some
organizations to apply this patch. It is rated as Critical by Microsoft because
a successful exploit enables the attacker to remotely execute malicious code on
the compromised system.

MS13-084 / KB2885089 – Vulnerabilities in Microsoft SharePoint
Server Could Allow Remote Code Execution

This patch fixes two vulnerabilities in SharePoint. The
impact of the flaws themselves, though, extends beyond just SharePoint. The
vulnerabilities affect SharePoint Services 3.0, SharePoint Foundation,
SharePoint Server, Excel Services, Word Automation Services, Web Applications
2010, and Excel Web App 2010. One of the two vulnerabilities can lead to code
execution in the context of the SharePoint service, and the other enables
cross-site scripting attacks. If successfully exploited, an attacker could gain
access to the SharePoint server itself, or spoof user actions on the site.

MS13-085 / KB2885080 – Vulnerabilities in Microsoft Excel Could
Allow Remote Code Execution

The MS13-085 update is rated as Important by Microsoft. It
resolves two vulnerabilities in Microsoft Office that impact Excel 2007, 2010,
and 2013, as well as Office for Mac 2011, the Excel Viewer, and the Office
Compatibility Pack. The vulnerabilities could enable an attacker to remotely
execute malicious code on the compromised system using the same rights and
privileges as the currently logged-in user. Microsoft stresses that the impact
of this threat can be minimized by ensuring that users operate with limited
privileges and do not log into Windows as Administrator.

MS13-086 / KB2885084 – Vulnerabilities in Microsoft Word Could
Allow Remote Code Execution

MS13-086 is very similar to MS13-085, but it only affects
Microsoft Word 2003 and 2007, along with the Office Compatibility Pack. The
vulnerabilities can be exploited to allow the attacker to execute arbitrary code
in the context of the logged-in user. Again, best practices suggest users not
log into Windows as Administrator, which will reduce the potential impact of a
successful exploit.

MS13-087 / KB2890788 – Vulnerability in Silverlight Could Allow
Information Disclosure

Microsoft rated MS13-087 as Important. There is a flaw in
Silverlight 5, and the Silverlight 5 developer runtime, which can be exploited
using a specially-crafted malicious website. There is no risk of remote code
execution, which is part of why Microsoft gave this security bulletin a lower
level of urgency, but an attacker can exploit this flaw to view local data on
the target system.