Connect with us

Hi, what are you looking for?



Microsoft Plugs IE Zero-day in Patch Tuesday Update

Microsoft released eight security bulletins – including four rated Critical – to address 26 vulnerabilities in Windows, Internet Explorer and other products in this month’s Patch Tuesday.

Microsoft released eight security bulletins – including four rated Critical – to address 26 vulnerabilities in Windows, Internet Explorer and other products in this month’s Patch Tuesday.

Among the vulnerabilities is a critical IE zero-day that Microsoft warned about last month. Already, the bug has been observed being exploited in multiple attack campaigns targeted Internet Explorer users around the world.

“If your job depends on securing systems running Windows, you should be eagerly awaiting the patch for the Internet Explorer (IE) 0-day (CVE-2013-3893: SetMouseCapture Use-After-Free) vulnerability in today’s Patch Tuesday (MS13-080),” said Ross Barrett, senior manager of security engineering at Rapid7. “Exploitation of this vulnerability was detected first in targeted, regionally restricted exploitation, and then later in broader use once the exploit code spread to various public sites. Hopefully users have applied the Microsoft FixIt and/or EMET mitigations, and maybe even tested them with the Metasploit module that came out last week.”

All totaled, the IE bulletin (MS13-080) addresses 10 separate issues. Beyond that, Microsoft recommends customers focus on MS13-081 and MS13-083. MS13-081 is aimed at seven vulnerabilities in Windows, the most severe of which could allow remote code execution if a user views a malicious webpage with specially-crafted OpenType fonts. MS13-083 meanwhile fixes a separate remote code execution issue in Widows affecting vulnerable that are systems accessible via an ASP.NET web application that receives a specially-crafted request.

Advertisement. Scroll to continue reading.

“MS13-083 looks like a really fun one – a remote, server-side vulnerability offering remote code execution that is hittable through web pages,” Barrett said. “This is a genuine article; a real, honest to goodness, potentially “wormable” condition. If the “bad guys” figure out a way to automate the exploitation of this, it could spread rapidly and the defense in depth measures of your organization will be tested. However, this vulnerability was privately reported to Microsoft and is not known to be under active exploitation.”

Craig Young, security researcher at Tripwire, said that administrators should consider deploying MS13-083 even on servers that do not typically open RTF documents.

“The underlying flaw is within common controls that can potentially be attacked through means other than maliciously crafted RTF documents,” he said. “Another aspect of this bug which raises the importance of this update is that RTF exploits tend to provide a vector for the bypass of Address Space Layout Randomization (ASLR).  ASLR is a mitigation technology which makes it more difficult for an attacker to pre-determine memory address information needed to build a functional exploit.

 The fourth critical bulletin is MS13-082, which addresses three vulnerabilities in Microsoft’s .NET Framework. The most serious of these vulnerabilities enables an attacker to remotely execute code if a user visits a website containing a malicious OpenType font file using a browser capable of instantiating XBAP applications.

In addition to the critical bulletins are four that Microsoft has classified as ‘Important.’ This includes vulnerabilities in Microsoft SharePoint Server, Microsoft Excel, Microsoft Word and Microsoft Silverlight.

In addition to the Microsoft fixes, Adobe Systems also issued two security bulletins today as well. The patches from Adobe address critical issues related to Adobe Reader and Acrobat as well as Adobe RoboHelp. The vulnerabilities are unrelated to the announcements last week regarding the theft of Adobe customer data and source code, and none of the vulnerabilities are known to be under attack, according to the company.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.