February 2013 - Microsoft Releases 12 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its February batch of patches:
- (MS13-009) Cumulative Security Update for Internet Explorer (2792100)
Risk Rating: Critical
This patch addresses vulnerabilities in Internet Explorer, which can allow remote code execution when exploited thus compromising the security of the affected system. Any remote attacker can gain user rights as the current user once these vulnerabilities are exploited. This update covers 13 vulnerabilities. Read more here.
- (MS13-010) Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft implementation of Vector Markup Language (VML). It can allow remote code execution once usersview a webpage via Internet Explorer. Read more here.
- (MS13-011) Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft Windows. Once an affected user opens a specially crated media file and a Microsoft Office document with a specially crafted embedded media file, it could lead to remote code execution thus compromising the security of the system. Read more here.
- (MS13-012) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
Risk Rating: Critical
This patch addresses vulnerabilities found in Microsoft Exchange Server. One of the vulnerabilities, which exists in Microsoft Exchange Server WebReady Document Viewing can allow remote code execution in relation to transcoding service on the Exchange server once affected users user previews a specially crafted file via Outlook Web App (OWA). Read more here.
- (MS13-013) Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
Risk Rating: Important
This patch addresses vulnerabilities found in Microsoft FAST Search Server 2010 for SharePoint. The said vulnerabilities could potentially lead to remote execution. Accordingly, FAST Search Server for SharePoint is affected by this once Advanced Filter Pack is enabled.
Read more here. - (MS13-014) Vulnerability in NFS Server Could Allow Denial of Service (2790978)
Risk Rating: Important
This patch addresses a vulnerability in Microsoft Windows, which can allow denial of service when exploited sucessfully. In addition, any remote attacker who successfully exploits this vulnerability can cause the infected system to restart or stop responding.
Read more here. - (MS13-015) Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
Risk Rating: Important
This patch addresses a vulnerability found in the .NET Framework. Once users view a specially crafted webpage via a web browser running in XAML Browser Applications, it can allow elevation of privilege. Furthermore, this vulnerability can be leveraged by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Read more here. - (MS13-016) Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
Risk Rating: Important
This patch addresses 30 vulnerabilities found in Microsoft Windows, which can result to elevation of privilege once a remote attacker logs on the affected system and execute a specially crafted application.
Read more here. - (MS13-017) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
Risk Rating: Important
This patch addresses vulnerabilities in Microsoft Windows, which can allow elevation of privilege once an attacker logs and runs a specially crafted application. Note, however that for a remote attacker to exploit this, he must be able to log on locally.
Read more here. - (MS13-018) Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
Risk Rating: Important
This patch addresses a vulnerability found in Microsoft Windows, which could allow denial of service if a remote attacker sends a specially crafted connection termination packet to effectively compromise the system.
Read more here. - (MS13-019) Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
Risk Rating: Important
Read more here.This patch addresses a vulnerability found in Microsoft Windows, which could allow elevation of privilege once a remote attacker logs and runs a specially crafted application on the system. Note, however that remote attackers need to log on locally to be able to exploit this.
- (MS13-020) Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
Risk Rating: Critical
This patch addresses a vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation, which can allow remote code execution when users open a specially crafted file.
Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| MS13-009 | CVE-2013-0015 | 1005364 | Internet Explorer Shift JIS Character Encoding Vulnerability (CVE-2013-0015) | 12-Feb-13 | YES |
| CVE-2013-0018 | 1005365 | Microsoft Internet Explorer SetCapture Use After Free Vulnerability (CVE-2013-0018) | 12-Feb-13 | YES | |
| CVE-2013-0019 | 1005366 | Microsoft Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019 | 12-Feb-13 | YES | |
| CVE-2013-0020 | 1005367 | Microsoft Internet Explorer CMarkup Use After Free Vulnerability (CVE-2013-0020) | 12-Feb-13 | YES | |
| CVE-2013-0021 | 1005368 | Microsoft Internet Explorer vtable Use After Free Vulnerability (CVE-2013-0021) | 12-Feb-13 | YES | |
| CVE-2013-0022 | 1005369 | Microsoft Internet Explorer LsGetTrailInfo Use After Free Vulnerability (CVE-2013-0022) | 12-Feb-13 | YES | |
| CVE-2013-0023 | 1005370 | Internet Explorer CDispNode Use After Free Vulnerability (CVE-2013-0023) | 12-Feb-13 | YES | |
| CVE-2013-0024 | 1005371 | Internet Explorer pasteHTML Use After Free Vulnerability (CVE-2013-0024) | 12-Feb-13 | YES | |
| CVE-2013-0025 | 1005372 | Internet Explorer SLayoutRun Use After Free Vulnerability (CVE-2013-0025) | 12-Feb-13 | YES | |
| CVE-2013-0026 | 1005373 | Internet Explorer InsertElement Use After Free Vulnerability (CVE-2013-0026) | 12-Feb-13 | YES | |
| CVE-2013-0027 | 1005374 | Internet Explorer CPasteCommand Use After Free Vulnerability (CVE-2013-0027) | 12-Feb-13 | YES | |
| CVE-2013-0028 | 1005375 | Internet Explorer CObjectElement Use After Free Vulnerability (CVE-2013-0028) | 12-Feb-13 | YES | |
| CVE-2013-0029 | 1005376 | Internet Explorer CHTML Use After Free Vulnerability (CVE-2013-0029) | 12-Feb-13 | YES | |
| MS13-010 | CVE-2013-0030 | 1005377 | VML Memory Corruption Vulnerability (CVE-2013-0030) | 12-Feb-13 | YES |
| MS13-015 | CVE-2013-0073 | 1005384 | Identified Download Of XBAP File Over HTTP | 12-Feb-13 | YES |
| MS13-020 | CVE-2013-1313 | 1005382 | Microsoft Office Common Controls Remote Code Execution Vulnerability (CVE-2013-1313) | 12-Feb-13 | YES |
| CVE-2013-1313 | 1005381 | Common Controls Remote Code Execution Vulnerability (CVE-2013-1313) | 12-Feb-13 | YES | |
| CVE-2013-1313 | 1005152 | Restrict Microsoft Windows TabStrip ActiveX Control | 14-Aug-12 | YES |