Microsoft Security Bulletin: December 10

Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 22 vulnerabilities that were fixed in 11 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 11 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft GDI+ Remote Code Execution Vulnerability (MS13-096) (KB2896666)

Severity

Critical 4

Qualys ID

121569

Vendor Reference

MS13-096

CVE Reference

CVE-2013-3906

CVSS Scores

Base 9.3 / Temporal 7.7

Description

GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.
A remote code execution vulnerability exists in the way that affected Windows components and other affected software handle specially crafted TIFF files. The vulnerability could allow remote code execution if a user views TIFF files in shared content.
Affected Software:
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Word Viewer
Microsoft Excel Viewer
Microsoft PowerPoint 2010 Viewer Service Pack 1
Microsoft PowerPoint 2010 Viewer Service Pack 2
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 Attendee (user level install)
Microsoft Lync 2010 Attendee (admin level install)
Microsoft Lync 2013 (32-bit)
Microsoft Lync Basic 2013 (32-bit)
Microsoft Lync 2013 (64-bit)
Microsoft Lync Basic 2013 (64-bit)

Consequence

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Solution

Customers are advised to refer MS13-096 for further details.
Workaround:
Disable the TIFF codec Refer to the following link for further details: Microsoft Security Advisory 2896666
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-096 Microsoft Excel Viewer
MS13-096 Microsoft Lync 2010
MS13-096 Microsoft Lync 2010
MS13-096 Microsoft Lync 2010 Attendee
MS13-096 Microsoft Lync 2010 Attendee
MS13-096 Microsoft Lync 2013
MS13-096 Microsoft Lync Basic 2013
MS13-096 Microsoft Office 2003 Service Pack 3
MS13-096 Microsoft Office 2007 Service Pack 3
MS13-096 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-096 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS13-096 Microsoft Office Compatibility Pack Service Pack 3
MS13-096 Microsoft PowerPoint 2010 Viewer Service Pack 1
MS13-096 Microsoft PowerPoint 2010 Viewer Service Pack 2
MS13-096 Microsoft Word Viewer
MS13-096 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-096 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-096 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-096 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-096 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-096 Windows Vista Service Pack 2
MS13-096 Windows Vista x64 Edition Service Pack 2
Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS13-097)

Severity

Urgent 5

Qualys ID

100172

Vendor Reference

MS13-097

CVE Reference

CVE-2013-5045, CVE-2013-5046, CVE-2013-5047, CVE-2013-5048, CVE-2013-5049, CVE-2013-5051, CVE-2013-5052

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
Microsoft Internet Explorer is affected by multiple memory corruption vulnerabilities because it improperly handles objects in memory. An attacker could host a specially crafted website designed to exploit these vulnerabilities through Internet Explorer and then convince a user to view the website.
This security update is rated Critical for Internet Explorer 6, 7, 8, 9 10 and 11 on Windows clients and Moderate for Internet Explorer 6, 7, 8, 9 and 10 on Windows servers.

Consequence

An attacker who successfully exploited these vulnerabilities could execute arbitrary code on affected systems with elevated privileges.

Solution

Please refer to MS13-097 for details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows 8 for 32-bit Systems(Internet Explorer 10)
MS13-097 Windows 8 for x64-based Systems(Internet Explorer 10)
MS13-097 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS13-097 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 6)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2003 Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 6)
MS13-097 Windows Server 2003 with SP2 for Itanium-based Systems(Internet Explorer 7)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 6)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2003 x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 10)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 8)
MS13-097 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 9)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS13-097 Windows Server 2008 for Itanium-based Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 7)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 8)
MS13-097 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS13-097 Windows Server 2012(Internet Explorer 10)
MS13-097 Windows Server 2012 R2(Internet Explorer 11)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 7)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 8)
MS13-097 Windows Vista Service Pack 2(Internet Explorer 9)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 6)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 7)
MS13-097 Windows XP Professional x64 Edition Service Pack 2(Internet Explorer 8)
MS13-097 Windows XP Service Pack 3(Internet Explorer 6)
MS13-097 Windows XP Service Pack 3(Internet Explorer 7)
MS13-097 Windows XP Service Pack 3(Internet Explorer 8)
Windows Digital Signatures Remote Code Execution Vulnerability (MS13-098)

Severity

Critical 4

Qualys ID

90931

Vendor Reference

MS13-098

CVE Reference

CVE-2013-3900

CVSS Scores

Base 7.6 / Temporal 6.3

Description

Windows Authenticode signature verification consists of two primary activities: signature checking on specified objects and trust verification.
A remote code execution vulnerability exists when the WinVerifyTrust function improperly validates the file digest of a specially crafted PE file while verifying a Windows Authenticode signature.
This security update is rated Critical for all supported releases of Windows. QID Detection: (Authenticated) - Windows
This QID checks for registry key - "HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB2893294\Filelist" or "HKLM\SOFTWARE\Microsoft\Updates\Windows XP Version 2003\SP3\KB2893294\Filelist" or "HKLM\SOFTWARE\Microsoft\Updates\Windows Server 2003\SP3\KB2893294\Filelist" and checking for file "%windir%\System32\imagehlp.dll" for vulnerable version.

Consequence

Successfully exploiting the vulnerability might allow a remote attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

For additional information, please refer to Microsoft Security Bulletin MS13-098.
For latest information, please refer to Released: Jan 21, 2022 Workaround:
Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-098 Windows 7 for 32-bit Systems Service Pack 1
MS13-098 Windows 7 for x64-based Systems Service Pack 1
MS13-098 Windows 8 for 32-bit Systems
MS13-098 Windows 8 for x64-based Systems
MS13-098 Windows 8.1 for 32-bit Systems
MS13-098 Windows 8.1 for x64-based Systems
MS13-098 Windows Server 2003 Service Pack 2
MS13-098 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-098 Windows Server 2003 x64 Edition Service Pack 2
MS13-098 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-098 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-098 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-098 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-098 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-098 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-098 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-098 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-098 Windows Server 2012
MS13-098 Windows Server 2012
MS13-098 Windows Server 2012 R2
MS13-098 Windows Server 2012 R2
MS13-098 Windows Vista Service Pack 2
MS13-098 Windows Vista x64 Edition Service Pack 2
MS13-098 Windows XP Professional x64 Edition Service Pack 2
MS13-098 Windows XP Service Pack 3
Microsoft Scripting Runtime Object Library Remote Code Execution Vulnerability (MS13-099)

Severity

Critical 4

Qualys ID

90932

Vendor Reference

MS13-099

CVE Reference

CVE-2013-5056

CVSS Scores

Base 9.3 / Temporal 7.7

Description

The Microsoft Scripting Runtime Object Library contains objects that are useful for either VBA or script.
This security update resolves a privately reported vulnerability in Microsoft Windows by modifying how the Microsoft Scripting Runtime Object Library handles objects in memory. The vulnerability is caused by memory corruption resulting from the Microsoft Scripting Runtime Object Library improperly handling an object in memory.
This security update is rated Critical.
Affected Versions:
Windows Script 5.6, Windows Script 5.7, and Windows Script 5.8.

Consequence

The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Solution

Refer to MS13-099 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-099 Windows 7 for 32-bit Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows 7 for x64-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows 8 for 32-bit Systems(Windows Script 5.8)
MS13-099 Windows 8 for x64-based Systems(Windows Script 5.8)
MS13-099 Windows 8.1 for 32-bit Systems(Windows Script 5.8)
MS13-099 Windows 8.1 for x64-based Systems(Windows Script 5.8)
MS13-099 Windows Server 2003 Service Pack 2(Windows Script 5.6)
MS13-099 Windows Server 2003 Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2003 with SP2 for Itanium-based Systems(Windows Script 5.6)
MS13-099 Windows Server 2003 with SP2 for Itanium-based Systems(Windows Script 5.7)
MS13-099 Windows Server 2003 x64 Edition Service Pack 2(Windows Script 5.6)
MS13-099 Windows Server 2003 x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Windows Script 5.8)
MS13-099 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Server 2008 for 32-bit Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(Windows Script 5.7)
MS13-099 Windows Server 2008 for Itanium-based Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for x64-based Systems Service Pack 2(Windows Script 5.7)
MS13-099 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(Windows Script 5.7)
MS13-099 Windows Server 2012(Windows Script 5.8)
MS13-099 Windows Server 2012 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Server 2012 R2(Windows Script 5.8)
MS13-099 Windows Server 2012 R2 (Server Core installation)(Windows Script 5.8)
MS13-099 Windows Vista Service Pack 2(Windows Script 5.7)
MS13-099 Windows Vista x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows XP Professional x64 Edition Service Pack 2(Windows Script 5.6)
MS13-099 Windows XP Professional x64 Edition Service Pack 2(Windows Script 5.7)
MS13-099 Windows XP Service Pack 3(Windows Script 5.7)
Microsoft SharePoint Server Remote Code Execution Vulnerability (MS13-100)

Severity

Urgent 5

Qualys ID

110230

Vendor Reference

MS13-100

CVE Reference

CVE-2013-5059

CVSS Scores

Base 6.8 / Temporal 5

Description

A remote code execution vulnerability exists in the way that affected Microsoft Office Services and Web Apps parse content in specially crafted pages.
Affected Software:
Microsoft SharePoint Server 2013 (coreserverloc)
Microsoft SharePoint Server 2010 Service Pack 1-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2010 Service Pack 2-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2013-Microsoft Business Productivity Servers
Microsoft SharePoint Server 2013-Excel Services
Microsoft Office Web Apps 2013-Microsoft Office Web Apps Server 2013
This security update is rated Important for supported editions of Microsoft SharePoint Server.

Consequence

An attacker who successfully exploits this vulnerability can cause arbitrary code to run in the security context of the W3WP service account.

Solution

Customers are advised to refer to MS13-100.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-100 Microsoft Office Web Apps 2013(Microsoft Office Web Apps Server 2013)
MS13-100 Microsoft SharePoint Server 2010 Service Pack 1(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2010 Service Pack 2(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2013(Excel Services)
MS13-100 Microsoft SharePoint Server 2013(Microsoft Business Productivity Servers)
MS13-100 Microsoft SharePoint Server 2013(Microsoft SharePoint Server 2013 (coreserverloc))
Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS13-101)

Severity

Urgent 5

Qualys ID

90933

Vendor Reference

MS13-101

CVE Reference

CVE-2013-3899, CVE-2013-3902, CVE-2013-3903, CVE-2013-3907, CVE-2013-5058

CVSS Scores

Base 7.2 / Temporal 5.6

Description

The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.
The kernel is prone to the following vulnerabilities:
- An elevation of privilege vulnerability exists in the way that the Win32k.sys kernel-mode driver validates address values in memory. (CVE-2013-3899)
- An elevation of privilege vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly handles objects in memory. (CVE-2013-3902)
- A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specifically crafted TrueType font file. (CVE-2013-3903)
- An elevation of privilege vulnerability exists in the way that the Windows audio port-class driver (portcls.sys) handles objects in memory. ( CVE-2013-3907)
- A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory. (CVE-2013-5058)
- An elevation of privilege vulnerability exists in the way that the Win32k.sys kernel-mode driver validates address values in memory. (CVE-2013-3899)
- An elevation of privilege vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly handles objects in memory. ( CVE-2013-3902)
- A denial of service vulnerability exists in the Microsoft Windows kernel. This vulnerability is caused when the Windows kernel improperly processes a specifically crafted TrueType font file. (CVE-2013-3903)
- An elevation of privilege vulnerability exists in the way that the Windows audio port-class driver (portcls.sys) handles objects in memory. ( CVE-2013-3907)
- A denial of service vulnerability exists in the way that the Win32k.sys kernel-mode driver handles objects in memory. (CVE-2013-5058)
Affected Software:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (server core installation)
Windows Server 2012 R2 (server core installation)
This security update is rated Important.

Consequence

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Solution

Refer to MS13-101 for further information.
Workaround:
Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-101 Windows 7 for 32-bit Systems Service Pack 1
MS13-101 Windows 7 for 32-bit Systems Service Pack 1
MS13-101 Windows 7 for x64-based Systems Service Pack 1
MS13-101 Windows 7 for x64-based Systems Service Pack 1
MS13-101 Windows 8 for 32-bit Systems
MS13-101 Windows 8 for 32-bit Systems
MS13-101 Windows 8 for x64-based Systems
MS13-101 Windows 8 for x64-based Systems
MS13-101 Windows 8.1 for 32-bit Systems
MS13-101 Windows 8.1 for x64-based Systems
MS13-101 Windows Server 2003 Service Pack 2
MS13-101 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-101 Windows Server 2003 x64 Edition Service Pack 2
MS13-101 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for 32-bit Systems Service Pack 2
MS13-101 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-101 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2008 for x64-based Systems Service Pack 2
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012
MS13-101 Windows Server 2012 R2
MS13-101 Windows Server 2012 R2
MS13-101 Windows Vista Service Pack 2
MS13-101 Windows Vista Service Pack 2
MS13-101 Windows Vista x64 Edition Service Pack 2
MS13-101 Windows Vista x64 Edition Service Pack 2
MS13-101 Windows XP Professional x64 Edition Service Pack 2
MS13-101 Windows XP Service Pack 3
Microsoft Windows LRPC Client Privilege Escalation Vulnerability (MS13-102)

Severity

Critical 4

Qualys ID

90930

Vendor Reference

MS13-102

CVE Reference

CVE-2013-3878

CVSS Scores

Base 6.9 / Temporal 5.1

Description

Microsoft Local Remote Procedure Call (LRPC) is a component of Microsoft Remote Procedure Call (RPC).
An elevation of privilege vulnerability exists in Microsoft Local Remote Procedure Call (LRPC) where an attacker spoofs an LRPC Server and uses a crafted LPC port message to cause a stack-based buffer overflow condition on the LRPC client.
This security update is rated Important for Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2 and Windows Server 2003 with SP2 for Itanium-based Systems.

Consequence

Successful exploit could allow remote, unauthenticated attackers to execute arbitrary code within the context of another user. If that other user has elevated rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution

For additional information, please refer to Microsoft Security Bulletin MS13-102.
Workaround:

Microsoft has not identified any workarounds for this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-102 Windows Server 2003 Service Pack 2
MS13-102 Windows Server 2003 with SP2 for Itanium-based Systems
MS13-102 Windows Server 2003 x64 Edition Service Pack 2
MS13-102 Windows XP Professional x64 Edition Service Pack 2
MS13-102 Windows XP Service Pack 3
ASP.NET SignalR Elevation of Privilege Vulnerability (MS13-103)

Severity

Serious 3

Qualys ID

121628

Vendor Reference

MS13-103

CVE Reference

CVE-2013-5042

CVSS Scores

Base 4.3 / Temporal 3.2

Description

ASP.NET SignalR is a library for ASP.NET developers that simplifies the development of real-time web functionality.
This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.
This security update is rated Important for ASP.NET SignalR versions 1.1.0, 1.1.1, 1.1.2, 1.1.3 and 2.0.0, and all supported editions of Microsoft Visual Studio Team Foundation Server 2013.

Consequence

Successfully exploiting the vulnerability might allow a remote attacker reflect specially crafted JavaScript back to the user's browser, which could allow the attacker to modify page content, conduct phishing, or perform actions on behalf of the targeted user.

Solution

For additional information, please refer to Microsoft Security Bulletin MS13-103.
Workaround:
For Windows servers that host web applications using ASP.NET SignalR functionality, turning off the ASP.NET SignalR Forever Frame transport protocol provides temporary protection from the vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-103 ASP.NET SignalR 1.1.x
MS13-103 ASP.NET SignalR 2.0.x
MS13-103 Microsoft Visual Studio Team Foundation Server 2013
Microsoft Office Information Disclosure Vulnerability (MS13-104)

Severity

Serious 3

Qualys ID

110228

Vendor Reference

MS13-104

CVE Reference

CVE-2013-5054

CVSS Scores

Base 4.3 / Temporal 3.6

Description

An information disclosure vulnerability exists when affected Microsoft Office software does not properly handle a specially crafted response while attempting to open an Office file hosted on a malicious website.
This security update is rated Important for supported editions of Microsoft Office 2013 and Microsoft Office 2013 RT software.

Consequence

An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.

Solution

Please refer Microsoft's advisory MS13-104 for more details about patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-104 Microsoft Office 2013 (32-bit editions)
MS13-104 Microsoft Office 2013 (64-bit editions)
Microsoft Exchange Server Remote Code Execution Vulnerability (MS13-105)

Severity

Critical 4

Qualys ID

74271

Vendor Reference

MS13-105

CVE Reference

CVE-2013-1330, CVE-2013-5072

CVSS Scores

Base 10 / Temporal 7.8

Description

This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version, by enabling machine authentication check (MAC) according to best practices, and by ensuring that URLs are properly sanitized.
This security update is rated Critical.
Affected Versions:
Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and Microsoft Exchange Server 2013.

Consequence

These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.

Solution

Refer to MS13-105 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-105 Microsoft Exchange Server 2007 Service Pack 3
MS13-105 Microsoft Exchange Server 2010 Service Pack 2
MS13-105 Microsoft Exchange Server 2010 Service Pack 3
MS13-105 Microsoft Exchange Server 2013 Cumulative Update 2
MS13-105 Microsoft Exchange Server 2013 Cumulative Update 3
Microsoft Office Shared Component Security Bypass Vulnerability (MS13-106)

Severity

Critical 4

Qualys ID

110229

Vendor Reference

MS13-106

CVE Reference

CVE-2013-5057

CVSS Scores

Base 4.3 / Temporal 3.4

Description

This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component.
A security feature bypass exists in an Office shared component that does not properly implement Address Space Layout Randomization (ASLR) when a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer.
This security update is rated Important for supported editions of Microsoft Office 2007 and Microsoft Office 2010 software.

Consequence

Successful exploitation of this issue allows an attacker to use in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

Solution

Refer to Microsoft's advisory MS13-106 for more details about patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS13-106 Microsoft Office 2007 Service Pack 3
MS13-106 Microsoft Office 2010 Service Pack 1 (32-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 1 (64-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS13-106 Microsoft Office 2010 Service Pack 2 (64-bit editions)

These new vulnerability checks are included in Qualys vulnerability signature 2.2.604-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 121569
- 100172
- 90931
- 90932
- 110230
- 90933
- 90930
- 121628
- 110228
- 74271
- 110229
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

December 10, 2013

Advisory overview

Vulnerability details

Microsoft GDI+ Remote Code Execution Vulnerability (MS13-096) (KB2896666)

Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS13-097)

Windows Digital Signatures Remote Code Execution Vulnerability (MS13-098)

Microsoft Scripting Runtime Object Library Remote Code Execution Vulnerability (MS13-099)

Microsoft SharePoint Server Remote Code Execution Vulnerability (MS13-100)

Microsoft Windows Kernel-Mode Drivers Elevation of Privilege Vulnerability (MS13-101)

Microsoft Windows LRPC Client Privilege Escalation Vulnerability (MS13-102)

ASP.NET SignalR Elevation of Privilege Vulnerability (MS13-103)

Microsoft Office Information Disclosure Vulnerability (MS13-104)

Microsoft Exchange Server Remote Code Execution Vulnerability (MS13-105)

Microsoft Office Shared Component Security Bypass Vulnerability (MS13-106)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys