
SANS Internet Storm Center (ISC): Microsoft Patch Tuesday


Microsoft Patch Tuesday 2013-04-09

MS13-028
Title: The usual monthly MSIE cumulative patch, adding fixes for two more vulnerabilities. Both are "use after free" memory management issues, and both allow arbitrary code execution.
Replaces: MS13-021
Affected: MSIE
KB: KB2817183
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE: CVE-2013-1303 (Exploitability 2)
MS13-029
Title: A memory management problem in the Remote Desktop Connection ActiveX control allows arbitrary code execution.
Replaces: MS09-044, MS11-017
Affected: RDP
KB: KB2828223
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE: CVE-2013-1296 (Exploitability 1)
MS13-030
Title: A vulnerability in the default access control lists (ACLs) that SharePoint applies to lists allows unauthorized access to lists on a SharePoint server.
Replaces: none
Affected: SharePoint
KB: KB2827663
Known Exploits: Yes
Microsoft Rating: Important
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE: CVE-2013-1290 (Exploitability 3)
MS13-031
Title: Two kernel race conditions allow privilege escalation and read access to kernel memory.
Replaces: MS13-017
Affected: Kernel
KB: KB2813170
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE: CVE-2013-1284 (Exploitability 2)
MS13-032
Title: A denial of service vulnerability exists in the LDAP services provided by Active Directory. It also affects services such as ADAM and AD LDS.
Replaces: none
Affected: Active Directory
KB: KB2830914
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE: CVE-2013-1282 (Exploitability 3)
MS13-033
Title: A memory corruption vulnerability in CSRSS (Client/Server Runtime Subsystem) allows privilege escalation to the context of the local system and/or denial of service.
Replaces: MS12-003
Affected: CSRSS
KB: KB2820917
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE: CVE-2013-1295 (Exploitability 3)
MS13-034
Title: Improper path names used by the Microsoft Anti-malware Client (MSAC) allow privilege escalation to the LocalSystem account. Affects Windows Defender on Windows 8 and Windows RT. The update also contains functional updates.
Replaces: none
Affected: MSAC
KB: KB2823482
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE: CVE-2013-1285 (Exploitability 1)
MS13-035
Title: HTML is not validated properly in Microsoft Office (InfoPath), SharePoint Server, Groove Server and SharePoint Foundation. The result resembles an XSS exploit and leads to privilege escalation.
Replaces: MS12-066
Affected: HTML sanitization
KB: KB2821818
Known Exploits: Yes
Microsoft Rating: Important
ISC Client Rating: N/A
ISC Server Rating: N/A
CVE: CVE-2013-0078 (Exploitability 3)
MS13-036
Title: Multiple vulnerabilities in the Windows kernel mode drivers allow privilege escalation and read access to kernel memory, as well as denial of service.
Replaces: MS13-016
Affected: Kernel Mode Drivers
KB: KB2829996
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE: CVE-2013-1283 (Exploitability 1)
We will update the issues on this page for about a week as they evolve. We appreciate your updates!
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY.
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments are vulnerable and exploits are being used or are easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. The best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Assumes typical server practices, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of the importance of the vulnerability and the perceived or even predicted threat.
  • The Exploitability column is Microsoft's Exploitability Index: 1 = consistent exploit code likely, 2 = inconsistent exploit code likely, 3 = functioning exploit code unlikely.