March 2013 - Microsoft Releases 7 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its March batch of patches:
- (MS13-021) Cumulative Security Update for Internet Explorer (2809289)
Risk Rating: Critical
This patch addresses several vulnerabilities found in Internet Explorer. The said vulnerabilities when exploited could allow remote code execution via a specially crafted webpage thus compromising the security of the affected systems. Read more here.
- (MS13-022) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft Silverlight. It can allow remote code execution when exploited via a specially crafted Silverlight application hosted on websites. Read more here.
- (MS13-023) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft Office. It can be exploited once a user opens a specially crafted Visio file thus resulting to remote code execution, compromising the security of the systems. Read more here.
- (MS13-024) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
Risk Rating: Critical
This patch addresses vulnerabilities found in Microsoft SharePoint and Microsoft SharePoint Foundation. When exploited via a malicious URL pointing to a SharePoint site, it can allow elevation of privilege. Read more here.
- (MS13-025) Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
Risk Rating: Important
This patch addresses a vulnerability existing in Microsoft OneNote. A remote attacker can abused this vulnerability when they lure users into opening a specially crafted OneNote file thus leading to information disclosure. Read more here.
- (MS13-026) Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
Risk Rating: Important
This patch addresses a vulnerability existing Microsoft Office for Mac. When exploited via a specially crafted email message it can allow information disclosure. Read more here.
- (MS13-027) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
Risk Rating: Important
This patch addresses the vulnerabilities found in Microsoft Windows. These vulnerabilities when exploited can allow elevation of privilege once attacker gains access to an affected system thus compromising its security. Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| MS13-021 | CVE-2013-0087 | 1005411 | Microsoft Internet Explorer OnResize Use After Free Vulnerability (CVE-2013-0087) | 12-Mar-13 | YES |
| CVE-2013-0088 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES | |
| CVE-2013-0089 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES | |
| CVE-2013-0090 | 1005415 | Microsoft Internet Explorer CCaret Use After Free Vulnerability (CVE-2013-0090) | 12-Mar-13 | YES | |
| CVE-2013-0091 | 1005416 | Internet Explorer CElement Use After Free Vulnerability (CVE-2013-0091) | 12-Mar-13 | YES | |
| CVE-2013-0092 | 1005414 | Internet Explorer GetMarkupPtr Use After Free Vulnerability (CVE-2013-0092) | 12-Mar-13 | YES | |
| CVE-2013-0093 | 1005412 | Internet Explorer onBeforeCopy Use After Free Vulnerability (CVE-2013-0093) | 12-Mar-13 | YES | |
| CVE-2013-0094 | 1005418 | Microsoft Internet Explorer 'removeChild' Use After Free Vulnerability (CVE-2013-0094) | 12-Mar-13 | YES | |
| CVE-2013-1288 | 1005421 | Internet Explorer CTreeNode Use After Free Vulnerability (CVE-2013-1288) | 12-Mar-13 | YES | |
| MS13-022 | CVE-2013-0074 | 1005013 | Identified Suspicious Upload Of Microsoft .Net Executable | 12-Jun-12 | YES |
| MS13-023 | CVE-2013-0079 | 1005419 | Microsoft Visio Viewer Tree Object Type Confusion Vulnerability (CVE-2013-0079) | 12-Mar-13 | YES |
| MS13-024 | CVE-2013-0080 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES |
| CVE-2013-0083 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES | |
| CVE-2013-0084 | 1005417 | Microsoft SharePoint Directory Traversal Vulnerability (CVE-2013-0084) | 12-Mar-13 | YES | |
| MS13-025 | CVE-2013-0086 | 1005420 | Microsoft OneNote Buffer Size Validation Vulnerability (CVE-2013-0086) | 12-Mar-13 | YES |
Featured Stories
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more
A Closer Exploration of Residential Proxies and CAPTCHA-Breaking ServicesThis article, the final part of a two-part series, focuses on the details of our technical findings and analyses of select residential proxies and CAPTCHA-solving services.Read more
How Residential Proxies and CAPTCHA-Solving Services Become Agents of AbuseThis article, the first of a two-part series, provides insights on how abusers and cybercriminals use residential proxies and CAPTCHA-solving services to enable bots, scrapers, and stuffers, and proposes security countermeasures for organizations.Read more
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more