7 Security Bulletins were released – 4 Critical, 3 Important, and 0 Moderate
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
Noteworthy Patch News
MS13-021 addresses flaws found on Internet Explorer versions 6 to 10 for all versions of Windows. This has already been publicly disclosed so after your next patch cycle completes you should follow up and make sure this is installed. The remaining Critical updates should be prioritized based on what you’re using – MS13-022/Silverlight, MS13-023/Visio and MS13-024/SharePoint. MS13-027 is an elevation of privilege issue affecting all operating systems but it is only rated Important. You should follow up on this one but no with the same urgency you afford Critical updates.
Ten Immutable Laws Of Security (Version 2.0)
This Month In Brief
- Publically disclosed: MS13-021
- Being exploited: None
- Rated CRITICAL: MS13-021, MS13-022, MS13-023, MS13-024
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
- Servers: Yes
- Workstations: Yes
New Security Bulletins
|MS13-021 (Cumulative Security Update for Internet Explorer (2809289))||(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
|MS13-022 (Vulnerability in Silverlight Could Allow Remote Code Execution (2814124))||(Silverlight) The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website.
|MS13-023 (Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261))||(Visio) The vulnerability could allow remote code execution if a user opens a specially crafted Visio file.
|MS13-024 (Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176))||(SharePoint) The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
|MS13-025 (Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264))||(OneNote) The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
|MS13-026 (Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682))||(Outlook) The vulnerability could allow information disclosure if a user opens a specially crafted email message.
|MS13-027 (Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986))||(Kernel mode drivers) These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.