Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses the following vulnerabilities in its February batch of patches:

  • (MS13-009) Cumulative Security Update for Internet Explorer (2792100)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Internet Explorer, which can allow remote code execution when exploited, thus compromising the security of the affected system. Any remote attacker can gain the same user rights as the current user once these vulnerabilities are exploited. This update covers 13 vulnerabilities. Read more here.

  • (MS13-010) Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
    Risk Rating: Critical

    This patch addresses a vulnerability found in the Microsoft implementation of Vector Markup Language (VML). It can allow remote code execution once users view a webpage via Internet Explorer. Read more here.

  • (MS13-011) Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
    Risk Rating: Critical

    This patch addresses a vulnerability found in Microsoft Windows. Once an affected user opens a specially crafted media file and a Microsoft Office document with a specially crafted embedded media file, it could lead to remote code execution, thus compromising the security of the system. Read more here.

  • (MS13-012) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
    Risk Rating: Critical

    This patch addresses vulnerabilities found in Microsoft Exchange Server. One of the vulnerabilities, which exists in Microsoft Exchange Server WebReady Document Viewing, can allow remote code execution in the transcoding service on the Exchange server once an affected user previews a specially crafted file via Outlook Web App (OWA). Read more here.

  • (MS13-013) Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
    Risk Rating: Important

    This patch addresses vulnerabilities found in Microsoft FAST Search Server 2010 for SharePoint. These vulnerabilities could potentially lead to remote execution. FAST Search Server for SharePoint is affected by this when the Advanced Filter Pack is enabled.

    Read more here.

  • (MS13-014) Vulnerability in NFS Server Could Allow Denial of Service (2790978)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which can allow denial of service when exploited successfully. In addition, any remote attacker who successfully exploits this vulnerability can cause the infected system to restart or stop responding.

    Read more here.

  • (MS13-015) Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
    Risk Rating: Important

    This patch addresses a vulnerability found in the .NET Framework. Once users view a specially crafted webpage via a web browser running in XAML Browser Applications, it can allow elevation of privilege. Furthermore, this vulnerability can be leveraged by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

    Read more here.

  • (MS13-016) Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
    Risk Rating: Important

    This patch addresses 30 vulnerabilities found in Microsoft Windows, which can result in elevation of privilege once a remote attacker logs on to the affected system and executes a specially crafted application.

    Read more here.

  • (MS13-017) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
    Risk Rating: Important

    This patch addresses vulnerabilities in Microsoft Windows, which can allow elevation of privilege once an attacker logs on and runs a specially crafted application. Note, however, that for a remote attacker to exploit this, he must be able to log on locally.

    Read more here.

  • (MS13-018) Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
    Risk Rating: Important

    This patch addresses a vulnerability found in Microsoft Windows, which could allow denial of service if a remote attacker sends a specially crafted connection termination packet to effectively compromise the system.

    Read more here.

  • (MS13-019) Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
    Risk Rating: Important

    This patch addresses a vulnerability found in Microsoft Windows, which could allow elevation of privilege once a remote attacker logs on and runs a specially crafted application on the system. Note, however, that remote attackers need to log on locally to be able to exploit this.

    Read more here.

  • (MS13-020) Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
    Risk Rating: Critical

    This patch addresses a vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation, which can allow remote code execution when users open a specially crafted file.

    Read more here.

(MS13-008) Security Update for Internet Explorer (2799329)
 Advisory Date:  15 Jan 2013

This patch addresses a vulnerability in Internet Explorer. When successfully exploited, it could allow remote code execution when users view a specially crafted website, thus compromising the security of the infected systems.

Note that this vulnerability does not affect Internet Explorer versions 9 and 10. The following Windows Server Core Installations are also not affected:

  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)

Oracle Java 7 Security Manager Bypass Vulnerability (CVE-2013-0422)
 Advisory Date:  10 Jan 2013

A remote code execution vulnerability exists in the following versions of Java:

  • Java Development Kit 7 Update 10 and earlier
  • Java Runtime Environment 7 Update 10 and earlier

The vulnerability allows attackers to remotely execute arbitrary code in a vulnerable system. To exploit this vulnerability, an attacker must lure users to access a compromised website or a malicious webpage, where a malicious Java applet targeting the vulnerability is hosted. The execution of the malicious applet within the browser of the unsuspecting user then allows the attacker to execute arbitrary code in the vulnerable system. Users with vulnerable systems may find themselves infected with ransomware, which Trend Micro detects as TROJ_REVETON.RJ and TROJ_REVETON.RG. Exposure to such malware may result in financial loss.

Note that Java Development Kit and Java Runtime Environment versions 6, 5.0 and 1.4.2, and Java Standard Edition Embedded JRE releases are not affected by this vulnerability.

Microsoft addresses the following vulnerabilities in its January batch of patches:

  • (MS13-001) Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
    Risk Rating: Critical

    This patch addresses a vulnerability found in Microsoft Windows, which could allow remote code execution when successfully exploited. Read more here.


  • (MS13-002) Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
    Risk Rating: Critical

    This patch addresses vulnerabilities found in Microsoft XML Core Services, which can result in remote code execution once successfully exploited. Read more here.


  • (MS13-003) Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
    Risk Rating: Important

    This patch addresses vulnerabilities found in Microsoft System Center Operations Manager. Read more here.


  • (MS13-004) Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
    Risk Rating: Important

    This patch addresses vulnerabilities in the .NET Framework, which, when exploited successfully, can give remote attackers the same user rights as the logged-on user. Read more here.


  • (MS13-005) Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which can allow elevation of privilege once a remote attacker executes a specially crafted application. Read more here.


  • (MS13-006) Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
    Risk Rating: Important

    This patch addresses a vulnerability in the implementation of SSL and TLS found in Microsoft Windows. When successfully exploited by a remote attacker intercepting Web traffic handshakes, it can allow security feature bypass. Read more here.


  • (MS13-007) Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
    Risk Rating: Important

    This patch addresses a vulnerability in the Open Data (OData) protocol, which, when exploited, can allow denial of service (DoS). Read more here.


A remote code execution vulnerability exists in the following versions of Internet Explorer:

  • Internet Explorer 6
  • Internet Explorer 7
  • Internet Explorer 8

The vulnerability may corrupt memory when Internet Explorer attempts to load an object that has already been deleted or can no longer be found in memory. When an attacker exploits this vulnerability, the attacker may execute code remotely. To exploit this vulnerability, an attacker must lure users to access a compromised website or a malicious webpage. The said site or webpage contains the code that exploits the vulnerability.

Note that users who are logged on to a vulnerable system with fewer privileges than an administrator are less impacted. Also, this vulnerability does not exist in Internet Explorer 9 and 10.

Microsoft addresses the following vulnerabilities in its December batch of patches:


  • (MS12-077) Cumulative Security Update for Internet Explorer (2761465)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Internet Explorer. When successfully exploited via a specially crafted web page, they could result in remote code execution, thus compromising the security of the infected system. Read more here.


  • (MS12-078) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
    Risk Rating: Critical

    This patch addresses two vulnerabilities in Microsoft Windows that, when exploited, could result in remote code execution. They can be exploited via a specially crafted document or through a malicious website with embedded TrueType or OpenType font files. Read more here.


  • (MS12-079) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
    Risk Rating: Critical

    This patch addresses a vulnerability in Microsoft Office that could result in remote code execution when successfully exploited via a specially crafted .RTF file. Read more here.


  • (MS12-080) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Microsoft Exchange Server, which could allow remote code execution on the transcoding service on the Exchange server via a specially crafted file using Outlook Web App (OWA). Read more here.


  • (MS12-081) Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
    Risk Rating: Critical

    This patch addresses a vulnerability in Microsoft Windows, which could be exploited when a user browses a folder/file with a specially crafted filename. Read more here.


  • (MS12-082) Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which could allow remote code execution thus compromising the security of the infected system. Read more here.


  • (MS12-083) Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Windows, which could bypass the security feature via a revoked certificate to an IP-HTTPS server used in Microsoft DirectAccess deployments. Read more here.


Microsoft addresses the following vulnerabilities in its November batch of patches:


  • (MS12-071) Cumulative Security Update for Internet Explorer (2761451)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Internet Explorer that could allow remote code execution via a specially crafted web page. Read more here.


  • (MS12-072) Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
    Risk Rating: Critical

    This patch addresses vulnerabilities in Microsoft Windows, which could allow remote code execution via a specially crafted briefcase in Windows Explorer. Read more here.


  • (MS12-073) Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
    Risk Rating: Medium

    This patch addresses two vulnerabilities affecting Microsoft Internet Information Services (IIS). Read more here.


  • (MS12-074) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
    Risk Rating: Critical

    This patch addresses vulnerabilities existing in the .NET Framework. Read more here.


  • (MS12-075) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
    Risk Rating: Critical

    This patch addresses vulnerabilities affecting Microsoft Windows. Read more here.


  • (MS12-076) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
    Risk Rating: Important

    This patch addresses vulnerabilities existing in Microsoft Office, which could allow remote code execution once a user opens a specially crafted Excel file. Read more here.


Microsoft addresses the following vulnerabilities in its October batch of patches:


  • (MS12-064) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
    Risk Rating: Critical

    This security update addresses vulnerabilities affecting Microsoft Office. When successfully exploited, it could allow remote code execution via a specially crafted .RTF file. Read more here.


  • (MS12-065) Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
    Risk Rating: Important

    This patch addresses a vulnerability affecting Microsoft Works that exists in Microsoft Works 9. Read more here.


  • (MS12-066) Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
    Risk Rating: Important

    This patch addresses a vulnerability affecting Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. Read more here.


  • (MS12-067) Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
    Risk Rating: Important

    This patch addresses vulnerabilities existing in Microsoft FAST Search Server 2010 for SharePoint. When exploited, it could allow remote code execution in the security context (user accounts) with a token. Read more here.


  • (MS12-068) Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
    Risk Rating: Important

    This patch addresses a vulnerability existing in all supported releases of Microsoft Windows with the exception of Windows 8 and Windows Server 2012. Read more here.


  • (MS12-069) Vulnerability in Kerberos Could Allow Denial of Service (2743555)
    Risk Rating: Important

    This patch addresses a vulnerability existing in Microsoft Windows. It could allow denial of service attacks when a remote attacker sends a specially crafted request to the Kerberos server. Read more here.


  • (MS12-070) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
    Risk Rating: Important

    This patch addresses a vulnerability existing in Microsoft SQL Server on systems with SQL Server Reporting Services (SSRS). It is a cross-site scripting vulnerability that could allow attackers to execute arbitrary commands on the SSRS site. Read more here.


(MS12-063) Cumulative Security Update for Internet Explorer (2744842)
 Advisory Date:  21 Sep 2012

This security update addresses one publicly disclosed and four privately reported vulnerabilities in Internet Explorer versions 6, 7, 8, and 9. The most severe of the vulnerabilities could allow arbitrary code execution when exploited. This same vulnerability was earlier reported to have been used in targeted attacks leading to remote access tools (RATs).

Additional details of the mentioned vulnerability can be found here:

A remote code execution vulnerability in Internet Explorer versions 6, 7, 8, and 9 is being used in some targeted attacks. Visiting a website or webpage where the exploit is hosted may automatically run the exploit. Trend Micro detects the exploit as HTML_EXPDROP.II.

Note that this vulnerability does not affect Internet Explorer 10. The following Windows Server Core Installations are also not affected:

  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2012