Severity: High
Summary:
- These vulnerabilities affect: Most current versions of Windows (including 8 and RT), the .NET Framework, and Silverlight 5 (for PC and Mac). Some of these flaws also affect Office and Lync.
- How an attacker exploits them: Multiple vectors of attack, including luring users to malicious web content or running specially crafted programs.
- Impact: In the worst case, an attacker can gain complete control of your Windows computer.
- What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.
Exposure:
Today, Microsoft released five security bulletins that describe 18 vulnerabilities in Windows, the .NET Framework, Silverlight, and to some extent, Office and Lync. A remote attacker could exploit the worst of these flaws to potentially gain complete control of your Windows PC. We recommend you download, test, and deploy these critical updates as quickly as possible.
The summary below lists the vulnerabilities, in order from highest to lowest severity.
- MS13-053: Various Kernel-Mode Driver Code Execution Flaws
Microsoft rating: Critical
- MS13-052: .NET Framework and Silverlight Code Execution Flaws
Microsoft rating: Critical
- MS13-054: GDI+ TrueType Font Handling Vulnerability
The Graphics Device Interface (GDI+) is one of the Windows components that handle images, specifically 2D vector graphics. GDI+ suffers from an unspecified remote code execution vulnerability caused by its inability to properly handle specially malformed TrueType (TTF) fonts. By luring one of your users into viewing a malicious font, perhaps hosted on a web site, an attacker could leverage this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, the attacker gains full control of their computer. GDI+ ships with Windows, but also with Office, Visual Studio, and Lync, so you need to patch all the affected products.
Microsoft rating: Critical
- MS13-056: DirectShow Memory Overwrite Vulnerability
DirectShow (code-named Quartz) is a multimedia component that helps Windows handle various media streams, images, and files. It suffers from a memory overwrite vulnerability having to do with how it handles specially crafted Graphics Interchange Format (GIF) images. By getting your users to view such a malicious image, perhaps via a web site or email, an attacker could leverage this flaw to execute code on that user’s computer, with the user’s privileges. If your users have local administrative privileges, the attacker gains full control of their machines.
Microsoft rating: Critical
- MS13-057: Windows WMV Remote Code Execution Vulnerability
Windows ships with various components, such as the Media Format Runtime, to help it process and play media files. The Windows Media Format Runtime suffers from an unspecified code execution vulnerability involving the way it handles Windows Media Video (WMV) media files. By enticing one of your users to download and play a specially crafted WMV file, or by luring them to a website containing such media, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your user has administrative privileges, the attacker gains complete control of that user’s PC.
Microsoft rating: Critical
Solution Path:
Microsoft has released various updates that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.
The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:
For All WatchGuard Users:
Though WatchGuard's XTM appliances offer defenses that can mitigate the risk of some of these flaws, attackers can exploit others locally. Since your gateway XTM appliance can't protect you against local attacks, we recommend you install Microsoft’s updates to completely protect yourself from these flaws.
Status:
Microsoft has released patches correcting these issues.