May 2013 - Microsoft Releases 7 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its May batch of patches:
- (MS13-037) Cumulative Security Update for Internet Explorer (2829530)
Risk Rating: Critical
This patch addresses eleven vulnerabilities in Internet Explorer that may lead to malware execution. Users may encounter this attack when visiting a specific webpage using Internet Explorer. Exploiting these vulnerabilities can also give an attacker the same access rights as the current user.
- (MS13-038) Security Update for Internet Explorer (2847204)
Risk Rating: Critical
This patch addresses one publicly disclosed vulnerability in Internet Explorer that may lead to remote code execution. Users may encounter this by visiting a compromised webpage.
- (MS13-039) Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
Risk Rating: Important
This patch addresses a security flaw found in Microsoft Windows. When exploited, this could lead to a denial of service (DoS) attack.
- (MS13-040) Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
Risk Rating: Important
This patch addresses two vulnerabilities in the .NET Framework that may lead to spoofing once a .NET application receives a malicious XML file. Once the exploit is successful, an attacker could modify the content of the XML file and gain endpoint functions.
- (MS13-041) Vulnerability in Lync Could Allow Remote Code Execution (2834695)
Risk Rating: Important
This patch addresses a vulnerability in Microsoft Lync that may allow an attacker to execute malware. For the attack to be successful, the attacker must make a user accept a Lync or Communicator invitation and then share a malicious file or program disguised as a presentation in Lync or Communicator.
- (MS13-042) Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
Risk Rating: Important
This patch addresses eleven vulnerabilities in Microsoft Office that could lead to users executing malware. Users may encounter this via malware disguised as a Publisher file and opening it using a vulnerable version of Microsoft Publisher. Once done, the attacker gains the same user rights as the current user.
- (MS13-043) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
Risk Rating: Important
This patch addresses a vulnerability in Microsoft Office that could allow remote code execution once a user opens malware disguised as an email message. Once successful, users can gain the same access rights as the current user.
- (MS13-044) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
Risk Rating: Important
This patch addresses a vulnerability in Microsoft Office that may lead to unwanted information disclosure when a user opens a specially crafted Visio file.
- (MS13-045) Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
Risk Rating: Important
This patch addresses a vulnerability.
- (MS13-046) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
Risk Rating: Important
This patch addresses a vulnerability in Microsoft Windows that may allow an attacker to elevate privileges. To do so, the attacker must have valid logon credentials and exploit the vulnerability locally.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| --- | --- | --- | --- | --- | --- |
| MS13-037 | CVE-2013-1297 | 1005499 | Microsoft Internet Explorer JSON Array Information Disclosure Vulnerability | 14-May-13 | YES |
| MS13-037 | CVE-2013-1307 | 1005501 | Internet Explorer Use After Free Vulnerability | 14-May-13 | YES |
| MS13-037 | CVE-2013-1308 | 1005502 | Internet Explorer Use After Free Vulnerability (CVE-2013-1308) | 14-May-13 | YES |
| MS13-037 | CVE-2013-1309 | 1005503 | Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1309) | 14-May-13 | YES |
| MS13-037 | CVE-2013-1310 | 1005504 | Internet Explorer Use After Free Vulnerability (CVE-2013-1310) | 14-May-13 | YES |
| MS13-037 | CVE-2013-1311 | 1005505 | Internet Explorer Use After Free Vulnerability (CVE-2013-1311) | 12-Mar-13 | YES |
| MS13-037 | CVE-2013-1312 | 1005506 | Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1312) | 14-May-13 | YES |
| MS13-037 | CVE-2013-2551 | 1005510 | Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-2551) | 14-May-13 | YES |
| MS13-038 | CVE-2013-1347 | 1005491 | Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability (CVE-2013-1347) | 14-May-13 | YES |
| MS13-039 | CVE-2013-1305 | 1005507 | HTTP.sys Denial Of Service Vulnerability (CVE-2013-1305) | 14-May-13 | NO |
| MS13-040 | CVE-2013-1336 | 1005508 | XML Digital Signature Spoofing Vulnerability (CVE-2013-1336) | 14-May-13 | YES |
| MS13-044 | CVE-2013-1301 | 10005498 | XML External Entities Resolution Vulnerability (CVE-2013-1301) | 14-May-13 | YES |