June 2013 Patch Recommendations

5 Security Bulletins were released – 1 Critical, 4 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS13-047 is rated Critical and patches a vulnerability in all versions of Internet Explorer. After your next patch cycle completes you should follow up and make sure this is installed. MS13-051 is also a concern. It’s rated “Important” because user interaction is required however that “interaction” is simply opening a PNG file.

Exploitability

• Publically disclosed: None
• Being exploited: MS13-051
• Rated CRITICAL: MS13-047
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers: Yes
• Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-047 Cumulative Security Update for Internet Explorer (2838727)

(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details KB in Kaseya: KB2838727 Affected Software: XP, Vista, Windows 7/8/RT, Server 2003, Server 2008/2008R2/2012 Known Issues per MS: https://support.microsoft.com/kb/2838727

IMPORTANT

	MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)	(Windows kernel) The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. Details KB in Kaseya: KB2839229 Affected Software: XP, Vista, Server 2003, Server 2008, Windows 7/8 Known Issues per MS: https://support.microsoft.com/kb/2839229
	MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)	(Windows kernel mode driver) The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Details KB in Kaseya: KB2845690 Affected Software: Vista, Windows 7/8/RT, Server 2008/2008R2/2012 Known Issues per MS: https://support.microsoft.com/kb/2845690
	MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)	(Print Spooler) The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. Details KB in Kaseya: KB2839894 Affected Software: Vista, Windows 7/8/RT, Server 2008/2008R2/2012 Known Issues per MS: https://support.microsoft.com/kb/2839894
	MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)	(Microsoft Office) The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. Details KB in Kaseya: KB2817421, KB2848689 Affected Software: Office 2003, Office 2011 for MAC Known Issues per MS: https://support.microsoft.com/kb/2839571