Microsoft Patch Tuesday – January 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 12 vulnerabilities. Three of this month's issues are rated 'Critical'.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan

The following is a breakdown of the issues being addressed this month:

  1. MS13-001 Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution

    Windows Print Spooler Components Vulnerability (CVE-2013-0011) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows handles a malformed print spooler response to a client request. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code.

  2. MS13-002 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

    MSXML Integer Truncation Vulnerability (CVE-2013-0006) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows parses XML content. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

    MSXML XSLT Vulnerability (CVE-2013-0007) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows parses XML content. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.

  3. MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege

    System Center Operations Manager Web Console XSS Vulnerability (CVE-2013-0009) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the System Center Operations Manager server in the context of the targeted user.

    System Center Operations Manager Web Console XSS Vulnerability (CVE-2013-0010) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server. This is a non-persistent cross-site scripting vulnerability that could allow an attacker to issue commands to the System Center Operations Manager server in the context of the targeted user.

  4. MS13-004 Vulnerability in .NET Framework Could Allow Elevation of Privilege

    System Drawing Information Disclosure Vulnerability (CVE-2013-0001) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that Windows Forms in the .NET Framework handles pointers to unmanaged memory locations.

    WinForms Buffer Overflow Vulnerability (CVE-2013-0002) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Windows Forms in the .NET Framework validates the number of objects in memory before copying those objects into an array.

    S.DS.P Buffer Overflow Vulnerability (CVE-2013-0003) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that System.DirectoryServices.Protocols (S.DS.P) in the .NET Framework validates the size of objects in memory prior to copying those objects into an array.

    Double Construction Vulnerability (CVE-2013-0004) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework validates the permissions of certain objects in memory. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  5. MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

    Win32k Improper Message Handling Vulnerability (CVE-2013-0008) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles window broadcast messages.

  6. MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass

    Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability (CVE-2013-0013) MS Rating: Important

    A security feature bypass vulnerability exists in the way that the Microsoft Windows SSL/TLS (Secure Sockets Layer and Transport Layer Security) implementation handles the SSL version 3 (SSLv3) and TLS protocols. The vulnerability could allow a security feature bypass if an attacker injects specially crafted content into an SSL/TLS session.

  7. MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service

    Replace Denial of Service Vulnerability (CVE-2013-0005) MS Rating: Important

    A denial of service vulnerability exists in the OData specification. The vulnerability could cause the server or service to stop responding and restart.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.