SANS Internet Storm Center: Microsoft Patch Tuesday
Threat Level: green   Handler on Duty: Johannes Ullrich
Microsoft Patch Tuesday 2013-02-12

MS13-009
Title: Cumulative update for MSIE. In addition to the prior updates it fixes a number of use-after-free vulnerabilities that allow arbitrary code execution, and a character encoding problem that allows an information leak.
Replaces: MS12-077, MS13-008
Affected: IE
KB: KB2792100
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability Index): CVE-2013-0015 (1)
MS13-010
Title: A memory corruption vulnerability in VML (Vector Markup Language) allows arbitrary code execution.
Replaces: MS11-052
Affected: VML
KB: KB2797052
Known Exploits: Yes
Microsoft Rating: Critical
ISC Client Rating: Patch now
ISC Server Rating: Patch now
CVE (Exploitability Index): CVE-2013-0030 (1)
MS13-011
Title: An input validation vulnerability in DirectShow (DirectX) allows arbitrary code execution when a crafted media file is processed.
Replaces: MS10-033
Affected: DirectX
KB: KB2780091
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability Index): CVE-2013-0077 (1)
MS13-012
Title: Multiple vulnerabilities in the WebReady Document Viewing service allow arbitrary code execution with the rights of the LocalService account (a low-privileged account), or a DoS, when a user uses OWA (Outlook Web Access) to view specific content.
Replaces: MS12-080
Affected: Exchange
KB: KB2809279
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE (Exploitability Index): CVE-2013-0393 (2)
MS13-013
Title: Multiple vulnerabilities in the Oracle Outside In libraries allow arbitrary code execution with the rights of a user account. Attackers need to be able to get the content onto the system so that it gets indexed by the FAST Search Server for SharePoint.
Replaces: MS12-067
Affected: SharePoint
KB: KB2553234
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE (Exploitability Index): CVE-2012-3214 (1)
MS13-014
Title: A NULL pointer dereference vulnerability in the Microsoft implementation of NFS (Network File System) allows a DoS condition.
Replaces: none
Affected: NFS
KB: KB2790978
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE (Exploitability Index): CVE-2013-1281 (3)
MS13-015
Title: A privilege escalation vulnerability in .NET: a XAML browser application (XBAP) run within IE, or a .NET application, can bypass CAS (Code Access Security) restrictions.
Replaces: MS12-038
Affected: .NET
KB: KB2800277
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability Index): CVE-2013-0073 (1)
MS13-016
Title: Multiple race conditions in the win32k.sys kernel-mode driver allow privilege escalation.
Replaces: MS12-078, MS13-005
Affected: Windows kernel, prior to Windows 8, RT and Server 2012
KB: KB2778344
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability Index): CVE-2013-1248 (2)
MS13-017
Title: Multiple vulnerabilities in the Windows kernel allow privilege escalation: a locally authenticated user can run arbitrary code in kernel mode.
Replaces: MS12-068
Affected: Windows kernel
KB: KB2799494
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability Index): CVE-2013-1278 (1)
MS13-018
Title: A vulnerability in how the Windows TCP/IP stack handles the connection termination sequence (the TCP FIN-WAIT state) allows a remote DoS condition.
Replaces: none
Affected: Windows TCP/IP
KB: KB2790655
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability Index): CVE-2013-0075 (3)
MS13-019
Title: A privilege escalation vulnerability in the Windows CSRSS (Client/Server Runtime Subsystem) allows an authenticated user to run arbitrary code with Local System privileges.
Replaces: MS11-063
Affected: CSRSS
KB: KB2790113
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability Index): CVE-2013-0076 (2)
MS13-020
Title: An input validation vulnerability in OLE Automation on Windows XP SP3 allows arbitrary code execution with the rights of the logged-on user when a specially crafted file is opened, e.g. with WordPad or Microsoft Office.
Replaces: MS11-038
Affected: OLE
KB: KB2802968
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability Index): CVE-2013-1313 (1)
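The check a practitioner wants after reading a table like this is "which of these KBs are still missing on my hosts, most urgent first?". The PowerShell below is an added example, not part of the ISC page or a Microsoft tool: it takes the KB numbers and ISC client ratings from the table above, asks Get-HotFix for the installed Windows updates and lists the absent ones ordered by rating. Assumptions: it is run with rights to query the host (locally or via -ComputerName); Get-HotFix only reports Windows updates, so the Exchange (MS13-012, KB2809279) and FAST Search/SharePoint (MS13-013, KB2553234) updates are left to a manual check on those servers; the MS13-015 .NET bulletin number KB2800277 is an umbrella KB and the installed .NET packages carry their own per-version KB numbers, so it is excluded here as well. The function and rank table names are the example's own.

```powershell
function Get-MissingFeb2013Update {
    # Added example: report February 2013 Windows-side updates that Get-HotFix
    # does not show as installed on a host, ordered by the ISC client rating.
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # KB numbers, affected components and ISC client ratings from the bulletin table.
    # MS13-012 (Exchange), MS13-013 (FAST Search/SharePoint) and MS13-015 (.NET,
    # umbrella KB) are not visible to Get-HotFix under these KB numbers: check manually.
    $bulletins = @(
        [pscustomobject]@{ Bulletin = 'MS13-009'; KB = 'KB2792100'; Affected = 'IE';             ClientRating = 'Critical'  }
        [pscustomobject]@{ Bulletin = 'MS13-010'; KB = 'KB2797052'; Affected = 'VML';            ClientRating = 'Patch now' }
        [pscustomobject]@{ Bulletin = 'MS13-011'; KB = 'KB2780091'; Affected = 'DirectX';        ClientRating = 'Critical'  }
        [pscustomobject]@{ Bulletin = 'MS13-014'; KB = 'KB2790978'; Affected = 'NFS';            ClientRating = 'N/A'       }
        [pscustomobject]@{ Bulletin = 'MS13-016'; KB = 'KB2778344'; Affected = 'Windows kernel'; ClientRating = 'Important' }
        [pscustomobject]@{ Bulletin = 'MS13-017'; KB = 'KB2799494'; Affected = 'Windows kernel'; ClientRating = 'Important' }
        [pscustomobject]@{ Bulletin = 'MS13-018'; KB = 'KB2790655'; Affected = 'Windows TCP/IP'; ClientRating = 'Important' }
        [pscustomobject]@{ Bulletin = 'MS13-019'; KB = 'KB2790113'; Affected = 'CSRSS';          ClientRating = 'Important' }
        [pscustomobject]@{ Bulletin = 'MS13-020'; KB = 'KB2802968'; Affected = 'OLE (XP SP3)';   ClientRating = 'Critical'  }
    )

    # Sort order for the ISC rating levels (lower number = more urgent).
    $rank = @{ 'Patch now' = 0; 'Critical' = 1; 'Important' = 2; 'Less Urgent' = 3; 'N/A' = 4 }

    # Installed hotfix IDs as reported by Windows (Win32_QuickFixEngineering).
    $installed = Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
                 Select-Object -ExpandProperty HotFixID

    foreach ($b in $bulletins) {
        if ($installed -notcontains $b.KB) {
            [pscustomobject]@{
                ComputerName = $ComputerName
                Bulletin     = $b.Bulletin
                KB           = $b.KB
                Affected     = $b.Affected
                ClientRating = $b.ClientRating
                Priority     = $rank[$b.ClientRating]
            }
        }
    }
}

# Usage: missing updates on this host, most urgent first.
Get-MissingFeb2013Update |
    Sort-Object Priority, Bulletin |
    Format-Table ComputerName, Bulletin, KB, Affected, ClientRating -AutoSize
```

Two caveats when reading the output: a KB can be absent because the component is not present on the host at all (no DirectX component on a server, no NFS role, an OS version the bulletin does not cover), and, on a host patched long after February 2013, a later cumulative update (the IE update in particular) supersedes the KB listed here and the older number may never appear in Get-HotFix. The check is therefore a quick triage for the release week, not a substitute for the WSUS/SCCM compliance view.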
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
We use 4 levels:
  • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or are easy to obtain or make.
  • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
  • Important: Things where more testing and other measures can help.
  • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems.