Tag Archives: APSB13-11

APSB13-11 – Adobe Flash April 2013 Security Bulletin Review

Adobe has release, the 9 April 2013, during his April Patch Tuesday, one Adobe Flash security bulletin dealing with four vulnerabilities. This security bulletin has a Critical severity rating.

APSB13-11 – Security updates available for Adobe Flash Player

APSB13-11 is concerning :

  • Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.275  and earlier versions for Linux
  • Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android
  • Adobe AIR 3.6.0.6090 SDK & Compiler and earlier version

CVE-2013-1378 (7.5 CVSS base score), CVE-2013-1379 (7.5 CVSS base score) and CVE-2013-1380 (7.5 CVSS base score) have been discovered and privately reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security TeamCVE-2013-2555 (10.0 CVSS base score) has been discovered and privately reported by a VUPEN Security reported through TippingPoint’s Zero Day Initiative.

Microsoft April 2013 Patch Tuesday Review

Microsoft has release, the 9 April 2013, during his April Patch Tuesday, one updated security advisory and nine security bulletins. On the nine security bulletins two of them have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2833510 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-11.

MS13-028 – Cumulative Security Update for Internet Explorer

MS13-028 security update, classified as Critical, allowing remote code execution, is the fix for 2 privately reported vulnerabilities in Internet Explorer. CVE-2013-1303 (6.8 CVSS base score) and CVE-2013-1304 (6.8 CVSS base score) were discovered and privately reported by Ivan Fratric and Ben Hawkes of Google Security Team.

MS13-029 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution

MS13-029 security update, classified as Critical, allowing remote code execution, is the fix for 1 privately reported vulnerability in Windows Remote Desktop Client. CVE-2013-1296 (9.3 CVSS base score) was discovered and privately reported by c1d2d9acc746ae45eeb477b97fa74688, working with HP’s Zero Day Initiative.

MS13-030 – Vulnerability in SharePoint Could Allow Information Disclosure

MS13-030 security update, classified as Important, allowing information disclosure, is the fix for 1 publicly reported vulnerability in Microsoft SharePoint Server. CVE-2013-1290 (3.5 CVSS base score) was publicly disclosed.

MS13-031 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

MS13-031 security update, classified as Important, allowing elevation of privileges, is the fix for 2 privately reported vulnerabilities in Microsoft Windows. CVE-2013-1284 (4.9 CVSS base score) and CVE-2013-1294 (4.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc.

MS13-032 – Vulnerability in Active Directory Could Lead to Denial of Service

MS13-032 security update, classified as Important, allowing denial of service, is the fix for 1 privately reported vulnerability in Active Directory. CVE-2013-1282 (unknown CVSS base score) was discovered and privately reported.

MS13-033 – Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

MS13-033 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability. CVE-2013-1295 (5.0 CVSS base score) was discovered and privately reported by George Georgiev Valkov.

MS13-034 – Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege

MS13-034 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Antimalware Client. CVE-2013-0078 (7.2 CVSS base score) was discovered and privately reported.

MS13-035 – Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

MS13-035 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Office. CVE-2013-1289 (4.3 CVSS base score) was discovered and privately reported by Drew Hintz of Google Security Team.

MS13-036 – Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege

MS13-036 security update, classified as Important, allowing elevation of privileges, is the fix for three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. CVE-2013-1283 (6.9 CVSS base score) and CVE-2013-1292 (6.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google IncCVE-2013-1293 (6.9 CVSS base score) was publicly disclosed by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google IncCVE-2013-1291 (7.1 CVSS base score) was discovered and privately reported by Wang Yu.