Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 57 vulnerabilities. Eighteen of this month's issues are rated ’Critical’.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Feb
The following is a breakdown of the issues being addressed this month:
-
MS13-009 Cumulative Security Update for Internet Explorer
Shift JIS Character Encoding Vulnerability (CVE-2013-0015) MS Rating: Critical
An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow for an information disclosure if a user viewed the webpage.
Internet Explorer SetCapture Use After Free Vulnerability (CVE-2013-0018) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer COmWindowProxy Use After Free Vulnerability (CVE-2013-0019) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer CMarkup Use After Free Vulnerability (CVE-2013-0020) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer vtable Use After Free Vulnerability (CVE-2013-0021) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer LsGetTrailInfo Use After Free Vulnerability (CVE-2013-0022) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer CDispNode Use After Free Vulnerability (CVE-2013-0023) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer pasteHTML Use After Free Vulnerability (CVE-2013-0024) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer SLayoutRun Use After Free Vulnerability (CVE-2013-0025) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer InsertElement Use After Free Vulnerability (CVE-2013-0026) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer CPasteCommand Use After Free Vulnerability (CVE-2013-0027) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer CObjectElement Use After Free Vulnerability (CVE-2013-0028) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer CHTML Use After Free Vulnerability (CVE-2013-0029) MS Rating: Critical
Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
-
MS13-010 Vulnerability in Vector Markup Language Could Allow Remote Code Execution
VML Memory Corruption Vulnerability (CVE-2013-0030) MS Rating: Critical
A remote code execution vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution.
-
MS13-011 Vulnerability in Media Decompression Could Allow Remote Code Execution
Media Decompression Vulnerability (CVE-2013-0077) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft Windows handles media content. The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as .MPG) or receives specially crafted streaming content.
-
MS13-012 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-0393) MS Rating: Important
A vulnerability exists in Microsoft Exchange Server through the WebReady Document Viewing feature. The vulnerability could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser.
Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-0418) MS Rating: Critical
A vulnerability exists in Microsoft Exchange Server through the WebReady Document Viewing feature. The vulnerability could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.
-
MS13-013 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3214) MS Rating: Important
Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint with the Advanced Filter Pack enabled. An attacker who succesfully exploited these vulnerabilities could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.
Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3217) MS Rating: Important
Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint with the Advanced Filter Pack enabled. An attacker who succesfully exploited these vulnerabilities could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.
-
MS13-014 Vulnerability in NFS Server Could Allow Denial of Service
NULL Dereference Vulnerability (CVE-2013-1281) MS Rating: Important
A denial of service vulnerability exists when the Windows NFS server fails to properly handle a file operation on a read-only share. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and restart.
-
MS13-015 Vulnerability in .NET Framework Could Allow Elevation of Privilege
WinForms Callback Elevation Vulnerability (CVE-2013-0073) MS Rating: Important
An elevation of privilege vulnerability exists in the way that the .NET Framework elevates the permissions of a callback function when a particular Windows Forms object is created. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
-
MS13-016 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
Win32k Race Condition Vulnerabilities (CVE-2013-1248) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1249) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1250) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1251) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1252) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1253) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1254) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1255) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1256) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1257) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1258) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1259) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1260) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1261) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1262) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1263) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1264) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1265) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1266) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1267) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1268) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1269) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1270) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1271) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1272) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1273) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1274) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1275) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1276) MS Rating: Critical
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
Win32k Race Condition Vulnerabilities (CVE-2013-1277) MS Rating: Important
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.
-
MS13-017 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
Windows Kernel Reference Count Vulnerability (CVE-2013-1280) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Kernel Race Condition Vulnerability (CVE-2013-1278) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Kernel Race Condition Vulnerability (CVE-2013-1279) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
-
MS13-018 Vulnerability in TCP/IP Could Allow Denial of Service
TCP FIN WAIT Vulnerability (CVE-2013-0075) MS Rating: Important
A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding and automatically restart. The vulnerability is caused when the TCP/IP stack improperly handles a connection termination sequence.
-
MS13-019 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege
Reference Count Vulnerability (CVE-2013-0076) MS Rating: Important
An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system.
-
MS13-020 Vulnerability in OLE Automation Could Allow Remote Code Execution
OLE Automation Remote Code Execution Vulnerability (CVE-2013-1313) MS Rating: Critical
A remote code execution vulnerability exists in the way that Object Linking and Embedding (OLE) Automation allocates memory. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.