This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083.
Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view).

This month we release eight bulletins – four Critical and four Important - which address 25\* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083.

Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view).

**MS13-080 | Cumulative Security Update for Internet Explorer** This security update resolves 9\* issues in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer, as described in Microsoft Security Advisory 2887505. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. All but one of these issues were privately disclosed.

**MS13-081 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution** This security update resolves seven issues in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views a malicious webpage with specially crafted OpenType fonts. This release also addresses vulnerabilities that could allow elevation of privilege if an attacker gains access to a system, in some cases physical access to a USB port is required. These issues were privately reported and we have not detected any attacks or customer impact.

**MS13-083 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution** This security update resolves one issue in Microsoft Windows. The vulnerability could allow remote code execution if an affected system is accessible via an ASP.NET web application and can receive a specifically crafted request. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. This issue was privately reported and we have not detected any attacks or customer impact.

**Security Advisory 2862973 Update for MD5 Certificates** We would like to remind customers of the Update for MD5 Certificates that was released in August 2013 and will be released through Microsoft Update in February 2014. This update affects applications and services using certificates with the MD5 hashing algorithm. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This will apply only to certificates utilized for server authentication, code signing and time stamping. These applications and services will no longer trust certificates utilizing MD5.

Our risk and impact graph shows an aggregate view of this month’s Severity and Exploitability Index (click for larger view).

For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by CVE, visit the Microsoft Bulletin Summary Web page.

Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, October 9, 2013, at 11 a.m. PDT. I invite you to register here and tune in to learn more about this month’s security bulletins and advisory.

For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.

I look forward to hearing your questions in the webcast tomorrow.

Thanks,  
Dustin Childs  
Group Manager, Response Communications  
Microsoft Trustworthy Computing

_\*Updated CVE count to accurately reflect the correct number which is 25. This is a documentation error and there is no known impact to customers._

The October 2013 security updates

Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

Privacy Statement Terms & Conditions Cookie Policy Accessibility Statement Do Not Sell My Personal Information (for CA)

© 2021 Accenture. All Rights Reserved.

CVE-2008-0333: Bugtraq

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

HPE MyAccount

**HPE MyAccount**

HPE MyAccount

HPE MyAccount

My Bookmarks

My Bookmarks

Manage Account

Manage Account

Sign Out

**My Cart**

****Your cart is currently empty****

Head to the HPE store to browse, configure and order.

Shop now

**Something went wrong**

Try viewing your cart in the HPE Store or check back later.  

View cart

View cart Checkout

HPE Ecosystem

*   HPE GreenLake
*   
*   Cloud Consoles
    
*   Cloud Services
*   Data Services
*   Compute Ops Management
*   Aruba Central
*   
*   HPE GreenLake Administration
    
*   Manage Account
*   Manage Devices
*   
*   HPE Resources
    
*   Support Center
*   Financial Services
*   Developer
*   Communities

HPE GreenLake

EDGE TO CLOUD

**HPE GreenLake**

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

HPE GreenLake

Accelerate your data-first modernization with the HPE GreenLake edge-to-cloud platform, which brings the cloud to wherever your apps and data live.

Learn more about HPE GreenLake platform

TEST DRIVE

**Experience HPE GreenLake cloud services**

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Experience HPE GreenLake cloud services

This guided, hands-on experience allows you to explore cloud services in a live production environment.

Get started

CLOUD SERVICES

*   AI, ML, and analytics
*   Business applications
*   Compute
*   Containers
*   Data protection
*   Database
*   Edge
*   HPC
*   Hybrid and multicloud

*   Hyperconverged
*   Migration
*   Networking
*   Private cloud
*   SAP
*   Security, risk, and compliance
*   Storage
*   VDI
*   Virtualization

INDUSTRY

*   Financial Services
*   Healthcare
*   Manufacturing
*   Public Sector
*   Telco

PARTNERS

*   Marketplace
*   HPE GreenLake for partners

Products

See all products and solutions

EDGE TO CLOUD

**Edge to cloud platform solutions**

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

Edge to cloud platform solutions

HPE GreenLake is the open and secure edge-to-cloud platform that you've been waiting for.

*   Platform
*   Edge
*   Data
*   Cloud
*   Security

SOLUTIONS BY CATEGORY

*   Data Storage
*   High Performance Computing (HPC)
*   Compute
*   Networking
*   Software
*   Services

See all products and solutions

More...

LATEST NEWS & MEDIA

**Discover More Network**

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Discover More Network

Our exclusive network featured original series, podcasts, news, resources, and events.Learn more.

Learn more

COMPANY

**About HPE**

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

About HPE

Learn about our company, our purpose, and read the latest news to see how we’re driving innovation to make it easier to reimagine tomorrow.

Learn more

EVENT

**Discover 2022**

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Discover 2022

Join HPE experts, leading companies, and industry luminaries and learn how to accelerate your data-first modernization across edge to cloud.

Learn more

RESOURCES

*   HPE Customer Centers
*   Communities
*   Customer Stories
*   All Blogs & Forums
*   How to buy

Tag

#asp.net