Handler on Duty: Didier Stevens
Threat Level: green
Microsoft Patch Tuesday 2013-04-09
| Title | The usual monthly MSIE cumulative patch, adding fixes for two more vulnerabilities. Both are "use after free" memory management issues and they both allow random code execution. |
|---|---|
| Replaces | MS13-021 |
| Affected | MSIE |
| KB | KB2817183 |
| Known Exploits | No |
| Microsoft Rating | Critical |
| ISC Client Rating | Critical |
| ISC Server Rating | Critical |
| CVE | Exploitability |
|---|---|
| 2013-1303 | 2 |
| Title | A memory management problem with the Remote Desktop Connection ActiveX control allows random code execution. |
|---|---|
| Replaces | MS90-44, MS11-017 |
| Affected | RDP |
| KB | KB2828223 |
| Known Exploits | No |
| Microsoft Rating | Critical |
| ISC Client Rating | Critical |
| ISC Server Rating | Critical |
| CVE | Exploitability |
|---|---|
| 2013-1296 | 1 |
| Title | A vulnerability in the default access control lists (ACL) that sharepoint applies to lists allows unauthorized access to lists on a sharepoint server. |
|---|---|
| Replaces | |
| Affected | Sharepoint |
| KB | KB2827663 |
| Known Exploits | Yes |
| Microsoft Rating | Important |
| ISC Client Rating | N/A |
| ISC Server Rating | N/A |
| CVE | Exploitability |
|---|---|
| 2013-1290 | 3 |
| Title | Two kernel race conditions allow privilege escalation and read access to kernel memory. |
|---|---|
| Replaces | MS13-017 |
| Affected | Kernel |
| KB | KB2813170 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2013-1284 | 2 |
| Title | A denial of service vulnerability exists in the LDAP services provided by Active Directory. Also affects services such as ADAM and AD LDS. |
|---|---|
| Replaces | |
| Affected | Active Directory |
| KB | KB2830914 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | N/A |
| ISC Server Rating | N/A |
| CVE | Exploitability |
|---|---|
| 2013-1282 | 3 |
| Title | A memory corruption vulnerability in CSRSS (Client/Server Runtime SubSystem) allows for privilege escalation to the context of the local system and/or Denial of Service. |
|---|---|
| Replaces | MS12-003 |
| Affected | CSRSS |
| KB | KB2820917 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2013-1295 | 3 |
| Title | Improper path names used by the Microsoft Anti-malware Client (MSAC) allow privilege escalation to the LocalSystem account. Affects Windows Defender on Windows 8 and Windows RT. The update also contains functional updates. |
|---|---|
| Replaces | |
| Affected | MSAC |
| KB | KB2823482 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2013-1285 | 1 |
| Title | HTML validation is not done properly in Microsoft Office (InfoPath), Sharepoint Server, Groove Server, Sharepoint Foundation resulting in what looks like an XSS exploit resulting in privilege escalation. |
|---|---|
| Replaces | MS12-066 |
| Affected | HTML sanitization |
| KB | KB2821818 |
| Known Exploits | Yes |
| Microsoft Rating | Important |
| ISC Client Rating | N/A |
| ISC Server Rating | N/A |
| CVE | Exploitability |
|---|---|
| 2013-0078 | 3 |
| Title | Multiple vulnerabilities in the windows kernel mode drivers allow privilege escalation and read access to kernel memory as well as Denial of Service. |
|---|---|
| Replaces | MS13-016 |
| Affected | Kernel Mode Drivers |
| KB | KB2829996 |
| Known Exploits | No |
| Microsoft Rating | Important |
| ISC Client Rating | Important |
| ISC Server Rating | Important |
| CVE | Exploitability |
|---|---|
| 2013-1283 | 1 |
We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
