Virtual Administrator’s March 2013 Patch Recommendations

7 Security Bulletins were released – 4 Critical, 3 Important, and 0 Moderate

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Noteworthy Patch News

MS13-021 addresses flaws found in Internet Explorer versions 6 to 10 on all versions of Windows. This has already been publicly disclosed, so after your next patch cycle completes you should follow up and make sure it is installed. The remaining Critical updates should be prioritized based on what you're using – MS13-022/Silverlight, MS13-023/Visio and MS13-024/SharePoint. MS13-027 is an elevation of privilege issue affecting all operating systems, but it is only rated Important. You should follow up on this one, but not with the same urgency you afford Critical updates.

Good Read!

Ten Immutable Laws Of Security (Version 2.0)

http://technet.microsoft.com/en-us/library/hh278941.aspx#ECAA

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-021 (Cumulative Security Update for Internet Explorer (2809289)) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2809289
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2809289

MS13-022 (Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)) (Silverlight) The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website.
Details
KB in Kaseya: KB2814124
Affected Software: Silverlight 5
Known Issues per MS: None

MS13-023 (Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)) (Visio) The vulnerability could allow remote code execution if a user opens a specially crafted Visio file.
Details
KB in Kaseya: KB2553501, KB2687505, KB2760762
Affected Software: Visio 2010 Viewer
Known Issues per MS: None

MS13-024 (Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)) (SharePoint) The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Details
KB in Kaseya: KB2687418
Affected Software: Microsoft SharePoint Server 2010
Known Issues per MS: https://support.microsoft.com/kb/2780176

IMPORTANT

MS13-025 (Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)) (OneNote) The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
Details
KB in Kaseya: KB2760600
Affected Software: OneNote 2010
Known Issues per MS: None

MS13-026 (Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)) (Outlook) The vulnerability could allow information disclosure if a user opens a specially crafted email message.
Details
KB in Kaseya: KB2817449, KB2817452
Affected Software: Microsoft Office 2008 for Mac, Microsoft Office for Mac 2011
Known Issues per MS: None

MS13-027 (Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)) (Kernel mode drivers) These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.
Details
KB in Kaseya: KB2807986
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2807986