April 9, 2013 at 22:27Microsoft released the next set of updates, April 2013
Microsoft announced the release of the next series of patches aimed at fixing vulnerabilities in their products. The security fixes announced earlier in the pre-release (April 4) cover a total of 12 unique vulnerabilities ( 2 fixes with Critical status and 7 with Important status ). Detailed report (including corrections of corrections with CVE ID) can be found here . One of the critical updates (as well as last month) is aimed at eliminating the vulnerability that is present in all versions of Internet Explorer, starting from version 6 and ending with the latest IE 10 ( MS13-028 ). Vulnerability class Remote Code Executionand could potentially be used to successfully implement drive-by download / installation attacks. Also, immediately three fixes with the status Important are aimed at eliminating vulnerabilities in the kernel, are associated with incorrect operation of the code with objects in memory, and are of the type Elevation of Privilege.
The source says that it is about flaws in IE, the successful exploitation of which was demonstrated by VUPEN scouts at the Pwn2Own contest in Vancouver. For a demonstration of the exploit, they received $ 100,000.
The hotfix for Internet Explorer resolves two vulnerabilities CVE-2013-1303 and CVE-2013-1304.The exploitation of these vulnerabilities occurs when a specially crafted web page is viewed by a browser, while the attacker receives the same rights in the system as the current user. This uses the use-after-free technique, in which the browser code continues to use the memory block after it is actually freed.
Recall that flaw type Remote Code Execution has a Critical rating, because its operation can lead to situations of code execution without user intervention . That is, the vulnerability could potentially be exploited by malicious code with the possibility of self-propagation (for example, network worms). In another case, a possible hidden / silent installation of the code when clicking on a malicious link.
A reboot is required to apply the fix to IE.
Another Critical update addresses vulnerabilities in the RDP client ( MS13-029 ). The vulnerability is also of the “Remote Code Execution” type and is contained in the ActiveX component of the Remote Desktop Connection 6.1 and Remote Desktop Connection 7.0 clients (mstscax.dll). At the same time, flaw covers the OS up to Windows 8 and does not include Windows RT (Windows XP - Seven as Critical and server versions as Moderate) . The user is also at risk when viewing a specially formed web page. Both critical vulnerabilities are marked as:
This is underlined by the fact that they were not seen in exploitation in the wild. A fix may require a reboot.
Three fixes with the Important status immediately belong to the kernel and vulnerabilities are of the Elevation of Privilege type. These are MS13-031 , MS13-033 and MS13-036 . MS13-031 deals with two vulnerabilities: CVE-2013-1284 and CVE-2013-1294 (Exploit code would be difficult to build), which, apparently, are in the ntoskrnl kernel code (incorrect work with objects in the kernel) . Applies to all versions from Windows XP to Windows 8 and RT x32, x64. After successful exploitation, the attacker can read kernel mode memory. MS13-033 closes flaw in the csrss (Client / Server Run-time Subsystem) process - part of the Win32 / Windows subsystem that operates in user mode. The vulnerability in the case of csrss is also associated with incorrect operation with objects in memory. MS13-036 has similar symptoms and applies to win32k.sys, part of the Win32 subsystem operating in kernel mode and the NTFS ntfs.sys file system driver. Exploitation of these flaw is possible using a specially prepared application that runs on the local machine.
Recall that MS releases monthly updates for Windows XP starting with SP3 and Windows XP x64 starting with SP2 . MS announced the end of support for Windows XP SP3from April 8, 2014, i.e., in a year.
Support for Windows 7 without SP1 has already been discontinued .
In general, the April update set is aimed at fixing vulnerabilities in the following products: Microsoft Internet Explorer (6-10 on Windows XP-8 x32 and x64), Windows, SharePoint Server, Office Web Apps, Windows Defender for Windows 8 and Windows RT .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
The source says that it is about flaws in IE, the successful exploitation of which was demonstrated by VUPEN scouts at the Pwn2Own contest in Vancouver. For a demonstration of the exploit, they received $ 100,000.
The hotfix for Internet Explorer resolves two vulnerabilities CVE-2013-1303 and CVE-2013-1304.The exploitation of these vulnerabilities occurs when a specially crafted web page is viewed by a browser, while the attacker receives the same rights in the system as the current user. This uses the use-after-free technique, in which the browser code continues to use the memory block after it is actually freed.
Recall that flaw type Remote Code Execution has a Critical rating, because its operation can lead to situations of code execution without user intervention . That is, the vulnerability could potentially be exploited by malicious code with the possibility of self-propagation (for example, network worms). In another case, a possible hidden / silent installation of the code when clicking on a malicious link.
A reboot is required to apply the fix to IE.
Another Critical update addresses vulnerabilities in the RDP client ( MS13-029 ). The vulnerability is also of the “Remote Code Execution” type and is contained in the ActiveX component of the Remote Desktop Connection 6.1 and Remote Desktop Connection 7.0 clients (mstscax.dll). At the same time, flaw covers the OS up to Windows 8 and does not include Windows RT (Windows XP - Seven as Critical and server versions as Moderate) . The user is also at risk when viewing a specially formed web page. Both critical vulnerabilities are marked as:
This issue was privately reported and we have not detected any attacks or customer impact.
This is underlined by the fact that they were not seen in exploitation in the wild. A fix may require a reboot.
Three fixes with the Important status immediately belong to the kernel and vulnerabilities are of the Elevation of Privilege type. These are MS13-031 , MS13-033 and MS13-036 . MS13-031 deals with two vulnerabilities: CVE-2013-1284 and CVE-2013-1294 (Exploit code would be difficult to build), which, apparently, are in the ntoskrnl kernel code (incorrect work with objects in the kernel) . Applies to all versions from Windows XP to Windows 8 and RT x32, x64. After successful exploitation, the attacker can read kernel mode memory. MS13-033 closes flaw in the csrss (Client / Server Run-time Subsystem) process - part of the Win32 / Windows subsystem that operates in user mode. The vulnerability in the case of csrss is also associated with incorrect operation with objects in memory. MS13-036 has similar symptoms and applies to win32k.sys, part of the Win32 subsystem operating in kernel mode and the NTFS ntfs.sys file system driver. Exploitation of these flaw is possible using a specially prepared application that runs on the local machine.
Recall that MS releases monthly updates for Windows XP starting with SP3 and Windows XP x64 starting with SP2 . MS announced the end of support for Windows XP SP3from April 8, 2014, i.e., in a year.
Support for Windows 7 without SP1 has already been discontinued .
In general, the April update set is aimed at fixing vulnerabilities in the following products: Microsoft Internet Explorer (6-10 on Windows XP-8 x32 and x64), Windows, SharePoint Server, Office Web Apps, Windows Defender for Windows 8 and Windows RT .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.