Microsoft Hardens IE in August Patch Tuesday Update

 
 
By Sean Michael Kerner  |  Posted 2013-08-13 Email Print this article Print
 
 
 
 
 
 
 


"The third vulnerability, CVE-2013-3781, exists in Exchange Server 2013 through the Data Loss Protection (DLP) feature," Microsoft's bulletin states. "This vulnerability could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser."

RPC

Although only rated by Microsoft as being "Important," Ross Barrett security researcher at Rapid7, sees the MS13-062 bulletin as perhaps the most genuinely interesting vulnerability this month. That bulletin is an elevation of privilege issue in Microsoft Remote Procedure Call (RPC).

"Microsoft has described this as extremely difficult to exploit, which I can only assume is a challenge to exploit writers everywhere to prove them wrong," Barrett said.

IPv6

Wolfgang Kandek, CTO of security firm Qualys, commented that he sees the MS13-065 bulletin that details an IPv6 denial-of-service issue as being noteworthy. In Kandek's view, the IPv6 flaw gives us a glimpse of this new attack surface. The vast majority of all Internet traffic today is carried over IPv4, which has a 32-bit addressing scheme that is running out of usable space. In contrast, the next-generation IPv6 addressing system has a 128-bit space.

"I don't think researchers have focused on that [IPv6] area yet, so there will be more vulnerabilities to come," Kandek said. "At the same time, IPv6 tends to be just on by default and I believe many organizations are not actively managing it."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.



 
 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel