It's Microsoft Patch Tuesday: October 2013

Tony Bradley gathers the information you need to make the right deploy decision when applying Microsoft's October 2013 patches in your organization.

This month marks the tenth anniversary of Patch Tuesday. It doesn't really seem like it's been that long. It feels like only yesterday I was a network admin scrambling at the drop of a hat when Microsoft would release a critical security update without warning. It's hard to imagine that chaos now, as we've grown accustomed to our monthly barrage of security bulletins and security updates on the second Tuesday of each month.

October has fewer security bulletins than the massive September Patch Tuesday, but there are still a fairly hefty eight security bulletins this month. They are split evenly with four rated as Critical by Microsoft, and the remaining four considered merely Important.

The one that easily stands out from the rest as the most urgent of the bunch is MS13-080. It is the cumulative security update for Internet Explorer, which seems to be a monthly fixture now, but this one is more crucial than normal because it patches not one, but two separate vulnerabilities that are currently being exploited in the wild.

This blog post is also available in the PDF format in a TechRepublic Download.

Security Patches

This month's thirteen security bulletins address vulnerabilities in Internet Explorer, Windows, Microsoft Office, and Microsoft Server software.


MS13-080 / KB2879017 - Cumulative Security Update for Internet Explorer

MS13-080 is a critical, must-patch-as-soon-as-possible update. It applies to all supported versions of Internet Explorer, and resolves ten separate security flaws in the browser. The real reason that this update is so urgent, though, is that two of the vulnerabilities are being actively exploited in the wild by attacks. The most severe vulnerabilities could allow an attacker to execute code remotely on the vulnerable system just by luring the user to view a specially-crafted malicious website. Microsoft released a Fix-It tool to guard against one of the zero-day exploits, and there was speculation that Microsoft may even release an out-of-band patch before the Patch Tuesday cycle to address the issue, but the volume of attacks never reached a point concerning enough to warrant the rushed update.


MS13-081 / KB2870008 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

MS13-081 is also rated as Critical. It addresses seven different vulnerabilities in Microsoft Windows. A couple of the flaws are related to how the Windows kernel handles font files. This update applies to all versions of the Windows operating system except for the most current: Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. An attacker can compromise a system and gain complete control of the affected system by getting a user to view content with embedded OpenType or TrueType font files. Sadly, it's not difficult to con users into opening a malicious file attachment, so it's important to apply this patch as soon as possible


MS13-082 / KB2878890 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution

This security bulletin takes care of three flaws in the .NET framework. Two are denial of service flaws, but the third - and most dangerous of the three - is an extension of the OpenType font-parsing vulnerability from MS13-081. Again, an attacker could potentially gain complete control of an affected system by luring users to visit a malicious XAML browser application that exploits the font-parsing flaw.


MS13-083 / KB2864058 - Vulnerabilities in Windows Common Control Library Could Allow Remote Code Execution

MS13-083 deals with a vulnerability in a shared DLL file, Comctl32.dll. All versions of Microsoft Windows are impacted by this flaw except Windows XP SP3, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. The issue itself is a memory corruption flaw that can be triggered by an integer overflow in the shared library. There are no Microsoft products that directly expose this flaw to attack, but a wide variety of third-party applications use and rely on this DLL, so it may be more urgent for some organizations to apply this patch. It is rated as Critical by Microsoft because a successful exploit enables the attacker to remotely execute malicious code on the compromised system.


MS13-084 / KB2885089 - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

This patch fixes two vulnerabilities in SharePoint. The impact of the flaws themselves, though, extends beyond just SharePoint. The vulnerabilities affect SharePoint Services 3.0, SharePoint Foundation, SharePoint Server, Excel Services, Word Automation Services, Web Applications 2010, and Excel Web App 2010. One of the two vulnerabilities can lead to code execution in the context of the SharePoint service, and the other enables cross-site scripting attacks. If successfully exploited, an attacker could gain access to the SharePoint server itself, or spoof user actions on the site.


MS13-085 / KB2885080 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

The MS13-085 update is rated as Important by Microsoft. It resolves two vulnerabilities in Microsoft Office that impact Excel 2007, 2010, and 2013, as well as Office for Mac 2011, the Excel Viewer, and the Office Compatibility Pack. The vulnerabilities could enable an attacker to remotely execute malicious code on the compromised system using the same rights and privileges as the currently logged in user. Microsoft stresses that the impact of this threat can be minimized by ensuring that users operate with limited privileges and do not log into Windows as Administrator.


MS13-086 / KB2885084 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

MS13-086 is very similar to MS13-085, but it only affects Microsoft Word 2003 and 2007, along with the Office Compatibility Pack. The vulnerabilities can be exploited to allow the attacker to execute arbitrary code in the context of the logged in user. Again, best practices suggest users not log into Windows as Administrator, which will reduce the potential impact of a successful exploit.


MS13-087 / KB2890788 - Vulnerability in Silverlight Could Allow Information Disclosure

Microsoft rated MS13-087 as Important. There is a flaw in Silverlight 5, and the Silverlight 5 developer runtime, which can be exploited using a specially-crafted malicious website. There is no risk of remote code execution, which is part of why Microsoft gave this security bulletin a lower level of urgency, but an attacker can exploit this flaw to view local data on the target system.