Blog: How-Tos

Patch Tuesday 08/10/2013- notable items

Nick Shapley 09 Oct 2013

Yesterday saw the release of yet another stack of patches for Microsoft’s Patch Tuesday.

The most serious being an Internet Explorer (IE) vulnerability, identified as CVE-2013-3893. This vulnerability is known to affect all versions of Internet Explorer and can allow remote code execution via crafted JavaScript string.

The flaw, that was initially discovered in Japan, and has been publically known about for over 3 weeks now from Microsoft first advisory on 17th September (http://technet.microsoft.com/en-us/security/advisory/2887505). As expected, numerous attack campaigns are seeing this vulnerability being taken advantage of to drop Trojans such as “PoisonIvy” onto targeted remote systems, as well as with other more broad drive-by style attacks. This is likely to increase even more with the release of the associated exploit with a Metasploit module last week.

For any clients that are using IE as their browser, we are advising them to patch as soon as possible. If this isn’t possible with your current patch cycle, then there are some other ways that can help mitigate until you can roll out those updates.

First off Microsoft have released a “Fix it” tool that can be downloaded here:
http://support.microsoft.com/kb/2887505

If you are already using Microsoft’s EMET, then this should help to provide protection against this rather nasty exploit. Additional details of the EMET configuration as well as some low details of the actual vulnerability can be found here:
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx

Also, most AV vendors have added exploit detection that should detect and stop this exploit in its tracks (though please consult your vendor).

Of course, don’t forget about patching or putting alternative mitigation measures in place for the other patches that are known to affect Windows, .NET Framework, Office, Server and Silverlight.

More information on this set of patches can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-oct

Good luck!