10 Security Bulletins were released – 2 Critical, 8 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
MS13-037 and MS13-038 are the top priority, as both are rated critical and apply to Internet Explorer. Follow up on these and confirm that they installed successfully.
No out-of-band updates were released during the last month.
(Note: Regarding Microsoft Security Advisory (2847140), Vulnerability in Internet Explorer Could Allow Remote Code Execution (http://technet.microsoft.com/en-us/security/advisory/2847140#section1): a bulletin was released on May 3 and a link to a “Fix It” solution was posted May 8. The patch for this “out-of-band” vulnerability was released as MS13-038 on May 14.)
Exploitability
- Publicly disclosed: MS13-038, MS13-040
- Being exploited: MS13-038
- Rated CRITICAL: MS13-037, MS13-038
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: Yes
- Workstations: Yes
New Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS13-037 Cumulative Security Update for Internet Explorer (2829530) | (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS13-038 Security Update for Internet Explorer (2847204) | (Internet Explorer) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
IMPORTANT
MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) | (HTTP.sys) The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.
MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) | (.NET Framework) The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file.
MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695) | (Lync) The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content.
MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) | (Publisher) The vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file with an affected version of Microsoft Publisher.
MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) | (Microsoft Office Word) The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software.
MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) | (Visio) The vulnerability could allow information disclosure if a user opens a specially crafted Visio file.
MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707) | (Windows Writer) The vulnerability could allow information disclosure if a user opens Windows Writer using a specially crafted URL.
MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) | (Kernel-Mode Drivers) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.