In Chicago, it's been a roller coaster of a summer, from cold weather to now steaming hot. Fortunately, the weather held out for last weekend's Trustwave summer outing, which was held at Six Flags Great America in Gurnee, Illinois. For those who have visited this amusement park, there are plenty of thrills with the Raging Bull, X-flight and Giant Drop. However, the thrill factor doesn't come close to the September Microsoft patch Tuesday release [especially if you are an IT administrator]. For this month's patch Tuesday, Microsoft has acknowledged thirteen (13) bulletins, with four having a critical severity and eight of the bulletins allowing remote code execution. One of the bulletins was pulled from the advance notification, but the thrill factor is still through the ceiling: a majority of the bulletins affect common Microsoft products (IE, Outlook, Office), and there is a good possibility that exploit code will be available for several of the critical bulletins soon.
For this patch Tuesday, we will explore each of these beasts. Feel free to join us for this extreme ride. Secure your safety bar because this patch Tuesday will have its steep downfalls, its twists-n-turns and it could be a bumpy ride.

MS13-067 (KB2834052)
Remote Code Execution in SharePoint Server
Just as most individuals fear the Top Thrill Dragster for its speed, administrators should fear MS13-073 based on the MAC Disabled vulnerability (CVE-2013-1330) in SharePoint Server. This vulnerability will be very attractive to attackers because it allows remote code execution and can also create denial-of-service conditions on a server that may store confidential information. Among the ten (10) CVEs included in this bulletin, many are related to MS13-072 and MS13-073. More information about these vulnerabilities will be provided down the road. Until then, let the suspense continue [dun dun dun dun...].