Tag Archives: KB2816264

Microsoft March 2013 Patch Tuesday Review

Microsoft has release, the 12 March 2013, during his March Patch Tuesday, one updated security advisory and seven security bulletins. On the seven security bulletins four of them have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. Update KB2824670 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-09.

MS13-021 – Cumulative Security Update for Internet Explorer

MS13-021 security update, classified as Critical, allowing remote code execution, is the fix for 8 privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. CVE-2013-0087 (9.3 CVSS base score) was discovered and privately reported by Arseniy Akuney of TELUS Security LabsCVE-2013-0088 (9.3 CVSS base score) was discovered and privately reported by an anonymous researcher, working with HP’s Zero Day InitiativeCVE-2013-0089 (9.3 CVSS base score) was discovered and privately reported by an anonymous researcher, working with HP’s Zero Day InitiativeCVE-2013-0090 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative, and SkyLined, working with HP’s Zero Day InitiativeCVE-2013-0091 (9.3 CVSS base score) was discovered and privately reported by Jose A Vazquez of Yenteasy Security Research, working with the Exodus Intelligence. CVE-2013-0092 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with HP’s Zero Day InitiativeCVE-2013-0093 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with HP’s Zero Day InitiativeCVE-2013-0094 (9.3 CVSS base score) was discovered and privately reported by Simon Zuckerbraun, working with HP’s Zero Day InitiativeCVE-2013-1288 (9.3 CVSS base score) was discovered and publicly disclosed by Gen Chen of Venustech ADLab and by Qihoo 360 Security Center.

MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution

MS13-022 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0074 (9.3 CVSS base score) was discovered and privately reported by James Forshaw of Context Information Security.

MS13-023 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

MS13-023 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0079 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with VeriSign iDefense Labs.

MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege

MS13-024 security update, classified as Critical, allowing elevation of privilege, is the fix for four privately reported vulnerabilities. CVE-2013-0080 (7.5 CVSS base score) was discovered and privately reported by Emanuel Bronshtein of BugSecCVE-2013-0083 (4.3 CVSS base score) was discovered and privately reported by Sunil Yadav of INR Labs (Network Intelligence India). CVE-2013-0084 (7.5 CVSS base score) was discovered and privately reported by Moritz Jodeit of n.runs AGCVE-2013-0085 (7.8 CVSS base score) was discovered and privately reported by an unknown security researcher.

MS13-025 – Vulnerability in Microsoft OneNote Could Allow Information Disclosure

MS13-025 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability. CVE-2013-0086 (5.0 CVSS base score) was discovered and reported by Christopher Gabriel of Telos Corporation.

MS13-026 – Vulnerability in Office Outlook for Mac Could Allow Information Disclosure

MS13-026 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability. CVE-2013-0095 (5.0 CVSS base score) was discovered and reported by Nick Semenkovich.

MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

MS13-027 security update, classified as Important, allowing elevation of privilege, is the fix for three privately reported vulnerabilities. CVE-2013-1285 (7.2 CVSS base score), CVE-2013-1286 (7.2 CVSS base score) and CVE-2013-1287 (7.2 CVSS base score) were discovered and reported by Andy Davis of NCC Group.

An interesting blog post is describing MS13-027 “Addressing an issue in the USB driver requiring physical access“. This fix look like to the Stuxnet flaw.