Monthly Security Bulletin Briefing - TechNet Blogs

More documents

Recommendations

Info

MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) Affected Software: Office 2003 SP3 Office for Mac 2011 Detection and Deployment Severity | Important Deployment Priority 1 Restart Requirement A restart is not required Update Replacement MS11-073 MS13-026 More Information and / or Known Issues None Uninstall Support Use Add or Remove Programs in Control Panel WU No MU Yes * MBSA Yes * WSUS Yes * ITMU Yes * SCCM Yes * * Microsoft does not offer any detection and deployment tools for applications designed to run on Macintosh, but the applications feature a built in automatic updating component GBS <strong>Security</strong> Worldwide Programs 12
MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) Vulnerability Details: • A remote code execution vulnerability exists in the way that Microsoft Office parses specially crafted Office files. • This vulnerability could allow an attacker to take complete control of an affected system if they can convince a user to open a specially crafted office file. CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory CVE-2013-1331 Important Remote Code Execution NA 1 NA No Yes * None Attack Vectors • A maliciously crafted Office file • Common delivery mechanisms: a maliciously crafted Web page, an e-mail attachment, an instant message, a peer-to-peer file share, a network share, and/or a USB thumb drive * Microsoft is aware of limited targeted attacks against this vulnerability Mitigations • Users would have to be persuaded to visit a malicious web site • Exploitation only gains the same user rights as the logged on account Workarounds • Do not open or save Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources • For Office for Mac 2011, disassociate binary Office file formats from Office for Mac in OS X's LaunchServices database Exploitability Index: DoS Rating: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover) GBS <strong>Security</strong> Worldwide Programs 13
Page 1 and 2: Monthly Security Bulletin Briefing
Page 3 and 4: June 2013 Security Bulletins Bullet
Page 5 and 6: MS13-047 Cumulative Security Update
Page 7 and 8: MS13-048 Vulnerability in Windows K
Page 9 and 10: MS13-049 Vulnerability in Kernel-Mo
Page 11: MS13-050 Vulnerability in Windows P
Page 15 and 16: Security Advisory Rerelease Securit
Page 17 and 18: Microsoft Support Lifecycle Lifecyc
Page 19 and 20: TechNet Public Webcast TechNet Webc
Page 21 and 22: Malicious Software Removal Tool Upd
Page 23 and 24: June 2013 Non- Security Content (Wi

Monthly Security Bulletin Briefing - TechNet Blogs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?