To exploit this vulnerability, an attacker requires authenticated and local access to the targeted system, which may require the attacker to access trusted, internal networks. These access requirements could limit the likelihood of a successful exploit. In addition, an attacker may attempt to convince an authenticated user to run a crafted application by using social engineering techniques.
Microsoft has resolved the vulnerability by correcting how the affected software handles objects in memory when presented with corrupted service descriptions.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the September 2013 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for September 2013