Virtual Administrator’s January 2013 Patch Recommendations

7 Security Bulletins were released – 2 Critical, 5 Important, and 0 Moderate

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

[UPDATE – 1-17-2013] Please review Known issues from Microsoft for Patch MS13-004. We experienced this on several of our servers that met the criteria.

Noteworthy Patch News

MS13-001 and MS13-002 are rated Critical. MS13-002 addresses two vulnerabilities in Microsoft XML Core Services. Likely all of your systems are vulnerable. After your next patch cycle completes, you should follow up and make sure this is installed. MS13-001 is a print spooler vulnerability in Windows 7 and Server 2008 R2 only. While it is rated Critical, the steps and events necessary to exploit this vulnerability are involved, so the potential for an attack is not enormous.
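One way to do the follow-up check for MS13-002 once the patch cycle has finished, as an added example that is not part of the original recommendations. The KB numbers are the ones listed for MS13-002 on this page; the function name and the host names are hypothetical.

```powershell
# Added example: report which hosts show at least one of the MS13-002 updates.
# KB numbers are taken from this page's MS13-002 entry.
$Ms13002Kbs = 'KB2687499', 'KB2757638', 'KB2758694', 'KB2758696', 'KB2760574'

function Test-BulletinInstalled {   # hypothetical helper name
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$KbIds
    )
    foreach ($computer in $ComputerName) {
        try {
            # Pull the full hotfix list once and filter locally, so a KB that
            # is absent does not raise an error for the whole query.
            $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $KbIds -contains $_.HotFixID } |
                ForEach-Object { $_.HotFixID })
            $status = if ($found.Count -gt 0) { 'Found' } else { 'NoneFound' }
        }
        catch {
            # Host offline, access denied, or WMI unavailable.
            $found  = @()
            $status = 'QueryFailed'
        }
        New-Object PSObject -Property @{
            Computer = $computer
            Status   = $status
            KBsFound = ($found -join ', ')
        } | Select-Object Computer, Status, KBsFound
    }
}

# Host names below are constructed placeholders; replace with your own list.
Test-BulletinInstalled -ComputerName 'SRV-APP01', 'WS-0142' -KbIds $Ms13002Kbs |
    Sort-Object Status |
    Format-Table -AutoSize

# Caveat: Get-HotFix reads Win32_QuickFixEngineering, which does not list
# updates installed through Windows Installer (for example Office or
# SharePoint packages). Treat 'NoneFound' as "needs review" and confirm it
# in your patch management console before re-pushing the update.
```

Which of the five KBs applies to a given machine depends on its OS and installed products, so a single match only shows that the Windows-side update is present.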

No out-of-band updates were released during the last month.

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-001 (Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution) (Print Spooler) The vulnerability could allow remote code execution if a print server received a specially crafted print job.
Details
KB in Kaseya: KB2769369
Affected Software: Windows 7, Server 2008R2
Known Issues per MS: None

MS13-002 (Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution) (XML Core Services) The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2687499, KB2757638, KB2758694, KB2758696, KB2760574
Affected Software: XP, Vista, Office 2003/2007, Office Compatibility Pack, Server 2003/2008/2008R2/2012, Expression Web, XML Core Services, Windows 7/8, SharePoint Server 2007
Known Issues per MS: http://support.microsoft.com/kb/2756145

IMPORTANT

MS13-003 (Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege) (System Center Operations Manager) The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.
Details
KB in Kaseya: KB2783850
Affected Software: Microsoft System Center Operations Manager 2007
Known Issues per MS: None

MS13-004 (Vulnerabilities in .NET Framework Could Allow Elevation of Privilege) (.NET Framework) The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).
Details
KB in Kaseya: KB2742595, KB2742596, KB2742597, KB2742599, KB2742601, KB2742607, KB2742613, KB2742614, KB2742616, KB2756918, KB2756919, KB2756920, KB2756921, KB2756923
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2769324

MS13-005 (Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege) (Windows kernel mode driver) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.
Details
KB in Kaseya: KB2778930
Affected Software: Vista, Windows 7/8, Server 2008/2008R2/2012
Known Issues per MS: None

MS13-006 (Vulnerability in Microsoft Windows Could Allow Security Feature Bypass) (SSL and TLS) The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.
Details
KB in Kaseya: KB2785220
Affected Software: Vista, Windows 7/8, Server 2008/2008R2/2012
Known Issues per MS: None

MS13-007 (Vulnerability in Open Data Protocol Could Allow Denial of Service) (Open Data Protocol) The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site.
Details
KB in Kaseya: KB2736416, KB2736418, KB2736422, KB2736428, KB2736693, KB2753596
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: http://support.microsoft.com/kb/2769327

MODERATE