7 Security Bulletins were released – 2 Critical, 5 Important, and 0 Moderate
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
[UPDATE – 1-17-2013] Please review Known issues from Microsoft for Patch MS13-004. We experienced this on several of our servers that met the criteria.
Noteworthy Patch News
MS13-001 and MS13-002 are rated Critical. MS13-002 addresses two vulnerabilities in Microsoft XML Core Services. All of your systems are likely vulnerable. After your next patch cycle completes, you should follow up and make sure this is installed. MS13-001 is a print spooler vulnerability in Windows 7 and Server 2008 R2 only. While it is rated Critical, the steps and events necessary to exploit this vulnerability are involved, so the potential for an attack is not enormous.
No out-of-band updates were released during the last month.
This Month In Brief
- Publicly disclosed: None
- Being exploited: None
- Rated CRITICAL: MS13-001, MS13-002, MS13-004
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
- Servers: Yes
- Workstations: Yes
New Security Bulletins
| Bulletin | Description |
|---|---|
| MS13-001 (Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution) | (Print Spooler) The vulnerability could allow remote code execution if a print server received a specially crafted print job. |
| MS13-002 (Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution) | (XML Core Services) The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. |
| MS13-003 (Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege) | (System Center Operations Manager) The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. |
| MS13-004 (Vulnerabilities in .NET Framework Could Allow Elevation of Privilege) | (.NET Framework) The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). |
| MS13-005 (Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege) | (Windows kernel-mode driver) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. |
| MS13-006 (Vulnerability in Microsoft Windows Could Allow Security Feature Bypass) | (SSL and TLS) The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes. |
| MS13-007 (Vulnerability in Open Data Protocol Could Allow Denial of Service) | (Open Data Protocol) The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. |