12 Security Bulletins were released – 5 Critical, 7 Important, and 0 Moderate
Out-of-band updates
MS13-008 released on January 14
Virtual Administrator approved the patch as soon as it became available.
https://virtualadministrator.com/blog/out-of-band-update-released-on-january-14-ms13-008/
Noteworthy Patch News
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
This is a big Patch Tuesday. MS13-009 and MS13-010 are a top priority as they are rated critical and apply to all versions of Internet Explorer. MS13-012 addresses a vulnerability but is also included as a part of Update Rollups for Microsoft Exchange 2007/2010. For Update Rollup 10 for Microsoft Exchange Server 2007 Service Pack 3 (KB2788321), see Microsoft Knowledge Base Article 2788321. For Update Rollup 6 for Microsoft Exchange 2010 Service Pack 2 (KB2746164), see Microsoft Knowledge Base Article 2746164.
Assessing risk for the February 2013 security updates
This Month In Brief
Exploitability
- Publicly disclosed: MS13-011, MS13-012, MS13-013, MS13-019
- Being exploited: MS13-010
- Rated CRITICAL: MS13-009, MS13-010, MS13-011, MS13-012, MS13-020
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
Requires Restart
- Servers: Yes
- Workstations: Yes
New Security Bulletins
CRITICAL

| MS# | Affected Software | Type |
|---|---|---|
| MS13-009: Cumulative Security Update for Internet Explorer (2792100) | Internet Explorer | The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
| MS13-010: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052) | Internet Explorer | The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
| MS13-011: Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091) | DirectShow | The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content. |
| MS13-012: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) | Exchange | The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). |
| MS13-020: Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) | Object Linking and Embedding (OLE) | The vulnerability could allow remote code execution if a user opens a specially crafted file. |

IMPORTANT

| MS# | Affected Software | Type |
|---|---|---|
| MS13-013: Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) | Fast Search Server | The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token. |
| MS13-014: Vulnerability in NFS Server Could Allow Denial of Service (2790978) | NFS Server | The vulnerability could allow denial of service if an attacker attempts a file operation on a read only share. |
| MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277) | .NET Framework | The vulnerability could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). |
| MS13-016: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344) | Windows kernel mode drivers | The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. |
| MS13-017: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494) | Windows Kernel | The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. |
| MS13-018: Vulnerability in TCP/IP Could Allow Denial of Service (2790655) | TCP/IP | The vulnerability could allow denial of service if an unauthenticated attacker sends a specially crafted connection termination packet to the server. |
| MS13-019: Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) | Windows Client/Server Run-time Subsystem (CSRSS) | The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. |