May 2013 Patch Recommendations

10 Security Bulletins were released – 2 Critical, 8 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

MS13-037 and MS13-038 are a top priority as they are rated critical and apply to Internet Explorer. Follow up on these and confirm they are installed successfully.

No out-of-band updates were released during the last month.

(Note: Regarding Microsoft Security Advisory (2847140), Vulnerability in Internet Explorer Could Allow Remote Code Execution (http://technet.microsoft.com/en-us/security/advisory/2847140#section1): a bulletin was released on May 3 and a link to a “Fix It” solution was posted May 8. The patch for this “out-of-band” vulnerability was released as MS13-038 on May 14.)

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-037 Cumulative Security Update for Internet Explorer (2829530) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2829530
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: https://support.microsoft.com/kb/2829530
MS13-038 Security Update for Internet Explorer (2847204) (Internet Explorer) The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2847204
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS:

IMPORTANT

MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) (HTTP.sys) The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.
Details
KB in Kaseya: KB2829254
Affected Software: Windows 8, Server 2012, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/2829254
MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) (.NET Framework) The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file.
Details
KB in Kaseya: KB2804576, KB2804576, KB2804577, KB2804579, KB2804580, KB2804582, KB2804583, KB2804584
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2836440
MS13-041 Vulnerability in Lync Could Allow Remote Code Execution (2834695) (Lync) The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content.
Details
KB in Kaseya: KB2827750, KB2827751, KB2827752, KB2827753
Affected Software: Lync 2010, Communicator 2007 R2
Known Issues per MS: https://support.microsoft.com/kb/2834695
MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) (Publisher) The vulnerabilities could allow remote code execution if a user opens a specially crafted Publisher file with an affected version of Microsoft Publisher.
Details
KB in Kaseya: KB2553147, KB2597971, KB2810047
Affected Software: Office 2003, 2007, 2010
Known Issues per MS: https://support.microsoft.com/kb/2830397
MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) (Microsoft Office Word) The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software.
Details
KB in Kaseya: KB2781197
Affected Software: Office 2003, Word Viewer
Known Issues per MS:
MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) (Visio) The vulnerability could allow information disclosure if a user opens a specially crafted Visio file.
Details
KB in Kaseya: KB2596595, KB2810062, KB2810068
Affected Software: Visio 2003, 2007, 2010
Known Issues per MS: https://support.microsoft.com/kb/2834692
MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707) (Windows Writer) The vulnerability could allow information disclosure if a user opens Windows Writer using a specially crafted URL.
Details
KB in Kaseya: KB2813707
Affected Software: Windows Essentials 2011, 2012
Known Issues per MS:
MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) (Kernel-Mode Drivers) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2829361, KB2830290
Affected Software: Windows 8, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/2840221