Skip to content

Virtual Administrator’s February 2013 Patch Recommendations

12 Security Bulletins were released – 5 Critical, 7 Important, and 0 Moderate

Out-of-band updates

MS13-008 released on January 14

Virtual Administrator approved the patch as soon as it became available.

https://virtualadministrator.com/blog/out-of-band-update-released-on-january-14-ms13-008/

Noteworthy Patch News

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

This is a big Patch Tuesday. MS13-009 and MS13-010 are a top priority as they are rated critical and apply to all versions of Internet Explorer. MS13-012 addresses a vulnerability but is also included as a part of Update Rollups for Microsoft Exchange 2007/2010. For Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 3 (KB2788321), see Microsoft Knowledge Base Article 2788321. For Update Rollup 6 for Microsoft Exchange 2010 Service Pack 2 (KB2746164), see Microsoft Knowledge Base Article 2746164.

Assessing risk for the February 2013 security updates

http://blogs.technet.com/b/srd/archive/2013/02/12/assessing-risk-for-the-february-2013-security-updates.aspx

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-009 (Cumulative Security Update for Internet Explorer (2792100) ) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2792100
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2792100
MS13-010 (Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052) ) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2797052
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2797052
MS13-011 (Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091) ) (DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content.
Details
KB in Kaseya: KB2780091
Affected Software: XP, Vista, Server 2003, Server 2008
Known Issues per MS:
MS13-012 (Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) ) (Exchange) The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
Details
KB in Kaseya: KB2788321, KB2746164
Affected Software: Exchange 2007/2010
Known Issues per MS:
MS13-020 (Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) ) (Object Linking and Embedding (OLE)) The vulnerability could allow remote code execution if a user opens a specially crafted file.
Details
KB in Kaseya: KB2802968
Affected Software: XP
Known Issues per MS:

IMPORTANT

MS13-013 (Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) ) (Fast Search Server) The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token.
Details
KB in Kaseya: KB2553234
Affected Software: Fast Search Server 2010
Known Issues per MS:
MS13-014 (Vulnerability in NFS Server Could Allow Denial of Service (2790978) ) (NFS Server) The vulnerability could allow denial of service if an attacker attempts a file operation on a read only share.
Details
KB in Kaseya: KB2790978
Affected Software: Server 2008R2/2012
Known Issues per MS:
MS13-015 (Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277) ) (.NET Framework) The vulnerability could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).
Details
KB in Kaseya: KB2789642, KB2789643, KB2789644, KB2789645, KB2789646, KB2789648, KB2789649, KB2789650
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS:
MS13-016 (Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)) (Windows kernel mode drivers) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2778344
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2778344
MS13-017 (Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494) ) (Windows Kernel) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2799494
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2799494
MS13-018 (Vulnerability in TCP/IP Could Allow Denial of Service (2790655) ) (TCP/IP) The vulnerability could allow denial of service if an unauthenticated attacker sends a specially crafted connection termination packet to the server.
Details
KB in Kaseya: KB2790655
Affected Software: Vista, Windows 7/8, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2790655
MS13-019 (Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) ) (Windows Client/Server Run-time Subsystem (CSRSS)) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Details
KB in Kaseya: KB2790113
Affected Software: Windows 7, Server 2008R2
Known Issues per MS:
Scroll To Top