Assessing risk for the July 2013 security updates

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin

Most likely attack vector

Max Bulletin Severity

Max Exploit-ability rating

Likely first 30 days impact

Platform mitigations and key notes

MS13-055(Internet Explorer)

Victim browses to a malicious webpage.

Critical

1

Likely to see reliable exploits developed within next 30 days.

17 CVE’s being addressed.

MS13-053(win32k.sys and TTF font parsing)

Most likely to be exploited attack vector requires attacker to already be running code on a machine and then uses this vulnerability to elevate from low-privileged account to SYSTEM.Additional attack vector involves victim browsing to a malicious webpage that serves up TTF font file resulting in code execution as SYSTEM.

Critical

1

Public proof-of-concept exploit code currently exists for CVE-2013-3660.

Public EPATHOBJ issue (CVE-2013-3660) addressed by this update.Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update.

MS13-052(.NET Framework and Silverlight)

Victim browses to a malicious Silverlight application hosted on a website.

Critical

1

Likely to see reliable exploits developed within next 30 days.

.NET Framework and Silverlight exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update.

MS13-054(GDI+)

Victim opens a malicious TTF file using an application that leverages GDI+ for font parsing.

Critical

1

Likely to see reliable exploits developed within next 30 days.

User-mode (gdiplus.dll) exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update.

MS13-056(DirectShow)

Victim opens malicious .GIF file using a 3rd-party application that leverages the DirectShow library.

Critical

1

Likely to see reliable exploits developed within next 30 days.

No Microsoft end-user applications are known to be vulnerable to the single CVE being addressed by this update.

MS13-057(Windows Media)

Victim browses to a malicious webpage or opens a malicious Windows Media file.

Critical

2

Difficult to build a reliable exploit for this issue. Less likely to see an exploit developed within next 30 days.

One CVE being addressed.

MS13-058(Windows Defender)

Attacker having write access to the root of the system drive (C:\) places malicious file that is run as LocalSystem by Windows Defender during its signature update process.

Important

1

Likely to see reliable exploits developed within next 30 days.Unlikely to see wide-spread infection as low privileged users do not have permission to write to root of system drive by default.

To exploit the vulnerability addressed by this update, attacker must have permission to create a new file at the root of the system drive. (C:\malicious.exe)

- Jonathan Ness, MSRC Engineering