Severity: : Critical
  Advisory Date: 13 de ноября de 2013

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its October batch of patches:

  • (MS13-088) Cumulative Security Update for Internet Explorer (2888505)
    Risk Rating: Critical

    This security update resolves ten reported vulnerabilities in Internet Explorer. A successful exploit may permit an attacker to execute a malware once user views a malicious webpage via Internet Explorer. Read more here.

  • (MS13-089) Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
    Risk Rating: Critical

    This security update addresses a vulnerability in Microsoft Windows, which can lead to remote execution of malware once users open a specially crafted Windows Write file in WordPad. Read more here.

  • (MS13-090) Cumulative Security Update of ActiveX Kill Bits (2900986)
    Risk Rating: Critical

    This security update resolves a reported vulnerability which may lead to remote malware execution if user visits a maliciously-crafted website. Read more here.

  • (MS13-091) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
    Risk Rating: Important

    This security update resolves three reported vulnerabilities in Microsoft Office, which may allow remote execution of malware if a user opens a maliciously-crafted WordPerfect file in an affected version of Microsoft Office. Read more here.

  • (MS13-092) Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. It may lead to denial of service if the attacker passes a speciall-crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor. Read more here.

  • (MS13-093) Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows, which may allow information theft if an an attacker logs on to an affected system as a local user and runs a malware crafted to steal information. The attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Read more here.

  • (MS13-094) Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Outlook. It may result in information theft if a user opens or previews a malicious email using an affected version of Outlook. Read more here.

  • (MS13-095) Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
    Risk Rating: Important

    This security update resolves a vulnerability in Microsoft Windows that could result in denial of service when an affected web service processes a malicious certificate. Read more here.

  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

MS Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date IDF Compatibility
MS13-088 CVE-2013-3871 1005705 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) 12-Nov-13 YES
MS13-088 CVE-2013-3908 1005784 Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908) 12-Nov-13 YES
MS13-088 CVE-2013-3910 1005778 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910) 12-Nov-13 YES
MS13-088 CVE-2013-3911 1005781 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911) 12-Nov-13 YES
MS13-088 CVE-2013-3912 1005782 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912) 12-Nov-13 YES
MS13-088 CVE-2013-3914 1005774 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914) 12-Nov-13 YES
MS13-088 CVE-2013-3915 1005775 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915) 12-Nov-13 YES
MS13-088 CVE-2013-3916 1005777 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916) 12-Nov-13 YES
MS13-088 CVE-2013-3917 1005773 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917) 12-Nov-13 YES
MS13-089 CVE-2013-3940 1005783 Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) 12-Nov-13 YES
MS13-090 CVE-2013-3918 1005779 Microsoft Internet Explorer ActiveX Control Code Execution Vulnerability (CVE-2013-3918) 12-Nov-13 YES
MS13-090 CVE-2013-3918 1005785 Restrict Information Card Signin Helper ActiveX Control 12-Nov-13 YES
MS13-091 CVE-2013-1324 1005780 Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability 12-Nov-13 YES
MS13-091 CVE-2013-1325 1005780 Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability 12-Nov-13 YES