Skip to content

Virtual Administrator’s March 2013 Patch Recommendations

7 Security Bulletins were released – 4 Critical, 3 Important, and 0 Moderate

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

Noteworthy Patch News

MS13-021 addresses flaws found on Internet Explorer versions 6 to 10 for all versions of Windows. This has already been publicly disclosed so after your next patch cycle completes you should follow up and make sure this is installed. The remaining Critical updates should be prioritized based on what you’re using – MS13-022/Silverlight, MS13-023/Visio and MS13-024/SharePoint. MS13-027 is an elevation of privilege issue affecting all operating systems but it is only rated Important. You should follow up on this one but no with the same urgency you afford Critical updates.

Good Read!

Ten Immutable Laws Of Security (Version 2.0)

http://technet.microsoft.com/en-us/library/hh278941.aspx#ECAA

This Month In Brief

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-021 (Cumulative Security Update for Internet Explorer (2809289)) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2809289
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2809289
MS13-022 (Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)) (Silverlight) The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website.
Details
KB in Kaseya: KB2814124
Affected Software: Silverlight 5
Known Issues per MS: None
MS13-023 (Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)) (Visio) The vulnerability could allow remote code execution if a user opens a specially crafted Visio file.
Details
KB in Kaseya: KB2553501, KB2687505, KB2760762
Affected Software: Visio 2010 Viewer
Known Issues per MS: None
MS13-024 (Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)) (SharePoint) The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
Details
KB in Kaseya: KB2687418
Affected Software: Microsoft SharePoint Server 2010
Known Issues per MS: https://support.microsoft.com/kb/2780176

IMPORTANT

MS13-025 (Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)) (OneNote) The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
Details
KB in Kaseya: KB2760600
Affected Software: OneNote 2010
Known Issues per MS: None
MS13-026 (Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)) (Outlook) The vulnerability could allow information disclosure if a user opens a specially crafted email message.
Details
KB in Kaseya: KB2817449, KB2817452
Affected Software: Microsoft Office 2008 for Mac, Microsoft Office for Mac 2011
Known Issues per MS: None
MS13-027 (Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)) (Kernel mode drivers) These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.
Details
KB in Kaseya: KB2807986
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2807986
Scroll To Top