Microsoft Security Bulletin for July 2013

Posted: July 10, 2013 in IT Security News
Tags: ,


Microsoft Security Bulletin

Microsoft Corp. today released the July set of patches for their products by removing six unique vulnerabilities that affect most modern products of the company.

It is interesting to note that three of the vulnerability associated with the way Microsoft software handles fonts. “Working with fonts in the operating system has become really difficult, there is a real-time process that started at the time of printing and this complexity may be the subject of attack,” – says Wolfgang Kandek CTO, Qualys.

The number of critical security vulnerabilities that have been eliminated at this time is higher than average. As a rule, the entire set of vulnerabilities, the company produces 2.1 bulletin describing the critical bugs, but this time there were three of these vulnerabilities – MS13-052, -053 and -054. All related to the rendering system Microsoft TrueType Fonts.

With these vulnerabilities, an attacker can embed malicious values ​​in the font description that overflows the allocated memory for the system font rendering and trigger recording in the storage units designed for other operations. Font-instructions may be provided to or Windows Internet Explorer.

An additional danger lies in the way Windows works with fonts – OS does the system with the privileges of the user who has much more power than regular users.

Among other products, underwent correction, can be distinguished NET Framework, Silverlight, Office, Visual Studio, Lync, IE, and Windows Defender.

Microsoft Security Bulletin Summary for July 2013:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s