November 2013 - Microsoft Releases 8 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its October batch of patches:
- (MS13-088) Cumulative Security Update for Internet Explorer (2888505)
Risk Rating: Critical
This security update resolves ten reported vulnerabilities in Internet Explorer. A successful exploit may permit an attacker to execute a malware once user views a malicious webpage via Internet Explorer. Read more here.
- (MS13-089) Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
Risk Rating: Critical
This security update addresses a vulnerability in Microsoft Windows, which can lead to remote execution of malware once users open a specially crafted Windows Write file in WordPad. Read more here.
- (MS13-090) Cumulative Security Update of ActiveX Kill Bits (2900986)
Risk Rating: Critical
This security update resolves a reported vulnerability which may lead to remote malware execution if user visits a maliciously-crafted website. Read more here.
- (MS13-091) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
Risk Rating: Important
This security update resolves three reported vulnerabilities in Microsoft Office, which may allow remote execution of malware if a user opens a maliciously-crafted WordPerfect file in an affected version of Microsoft Office. Read more here.
- (MS13-092) Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows. It may lead to denial of service if the attacker passes a speciall-crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor. Read more here.
- (MS13-093) Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows, which may allow information theft if an an attacker logs on to an affected system as a local user and runs a malware crafted to steal information. The attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Read more here.
- (MS13-094) Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Outlook. It may result in information theft if a user opens or previews a malicious email using an affected version of Outlook. Read more here.
- (MS13-095) Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
Risk Rating: Important
This security update resolves a vulnerability in Microsoft Windows that could result in denial of service when an affected web service processes a malicious certificate. Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| MS13-088 | CVE-2013-3871 | 1005705 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3908 | 1005784 | Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3910 | 1005778 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3911 | 1005781 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3912 | 1005782 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3914 | 1005774 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3915 | 1005775 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3916 | 1005777 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916) | 12-Nov-13 | YES |
| MS13-088 | CVE-2013-3917 | 1005773 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917) | 12-Nov-13 | YES |
| MS13-089 | CVE-2013-3940 | 1005783 | Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) | 12-Nov-13 | YES |
| MS13-090 | CVE-2013-3918 | 1005779 | Microsoft Internet Explorer ActiveX Control Code Execution Vulnerability (CVE-2013-3918) | 12-Nov-13 | YES |
| MS13-090 | CVE-2013-3918 | 1005785 | Restrict Information Card Signin Helper ActiveX Control | 12-Nov-13 | YES |
| MS13-091 | CVE-2013-1324 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |
| MS13-091 | CVE-2013-1325 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |