The Akamai Blog

Microsoft's July Patch Load: Many Critical Fixes

Microsoft has released seven security bulletins addressing 34 CVEs. Since so many Akamai customers run Windows environments, we find it important to let you know whenever these are rolled out.

Jonathan Ness, an engineer for Microsoft's Security Response Center, says six bulletins have a maximum severity rating of critical, and one has a maximum severity rating of Important. Below is a table to help you prioritize patch deployments in your environment.

| Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability rating | Likely first 30 days impact | Platform mitigations and key notes |
|---|---|---|---|---|---|
| MS13-055 (Internet Explorer) | Victim browses to a malicious webpage. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | 17 CVEs being addressed. |
| MS13-053 (win32k.sys and TTF font parsing) | Most likely to be exploited attack vector requires attacker to already be running code on a machine and then uses this vulnerability to elevate from low-privileged account to SYSTEM. Additional attack vector involves victim browsing to a malicious webpage that serves up TTF font file resulting in code execution as SYSTEM. | Critical | 1 | Public proof-of-concept exploit code currently exists for CVE-2013-3660. | Public EPATHOBJ issue (CVE-2013-3660) addressed by this update. Kernel-mode portion of TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-052 (.NET Framework and Silverlight) | Victim browses to a malicious Silverlight application hosted on a website. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | .NET Framework and Silverlight exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-054 (GDI+) | Victim opens a malicious TTF file using an application that leverages GDI+ for font parsing. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | User-mode (gdiplus.dll) exposure to TTF font parsing issue (CVE-2013-3129) addressed by this update. |
| MS13-056 (DirectShow) | Victim opens malicious .GIF file using a 3rd-party application that leverages the DirectShow library. | Critical | 1 | Likely to see reliable exploits developed within next 30 days. | No Microsoft end-user applications are known to be vulnerable to the single CVE being addressed by this update. |
| MS13-057 (Windows Media) | Victim browses to a malicious webpage or opens a malicious Windows Media file. | Critical | 2 | Difficult to build a reliable exploit for this issue. Less likely to see an exploit developed within next 30 days. | One CVE being addressed. |
| MS13-058 (Windows Defender) | Attacker having write access to the root of the system drive (C:\) places malicious file that is run as LocalSystem by Windows Defender during its signature update process. | Important | 1 | Likely to see reliable exploits developed within next 30 days. Unlikely to see wide-spread infection as low privileged users do not have permission to write to root of system drive by default. | To exploit the vulnerability addressed by this update, attacker must have permission to create a new file at the root of the system drive. (C:\malicious.exe) |
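The MS13-058 row depends on who is allowed to create a file at the root of the system drive. The PowerShell below is an added example, not from Microsoft or the original post. It lists allow ACEs on that folder that grant file creation to anyone other than SYSTEM, Administrators or TrustedInstaller; treating those three SIDs as the expected writers is an assumption of this example.

```powershell
# Added example: audit which principals may create a file directly in the
# root of the system drive (the precondition described for MS13-058).
# It lists allow ACEs only; deny ACEs and group membership are not evaluated.
$root = "$env:SystemDrive\"

# Assumption: these well-known SIDs are the expected writers.
$expectedSids = @(
    'S-1-5-18',       # LocalSystem
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# CreateFiles is the "add file" right on a folder. The generic bits can be
# stored raw in an ACE and also imply it.
$createFiles  = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$genericWrite = 0x40000000
$genericAll   = 0x10000000
$mask = $createFiles -bor $genericWrite -bor $genericAll

$sidType = [System.Security.Principal.SecurityIdentifier]
$acl = Get-Acl -LiteralPath $root

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    # InheritOnly ACEs apply to children, not to the root folder itself.
    if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
    if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

    $sid = $ace.IdentityReference.Value
    if ($expectedSids -contains $sid) { continue }

    # Resolve the SID to a name where possible; orphaned SIDs stay as-is.
    try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $sid }

    [pscustomobject]@{
        Identity  = $name
        Sid       = $sid
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No unexpected principal can create files in $root"
}
```

A default ACL normally lets Authenticated Users create folders (AppendData) but not files at the root, so an entry in the output usually indicates a local change worth reviewing alongside this update.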