Microsoft has release, June 11th 2013, during his June Patch Tuesday, one updated security advisory, one new security advisory and five security bulletins. On the five security bulletins one of them has a Critical security rating.
Microsoft Security Advisory 2755801
MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2847928 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-16.
Microsoft Security Advisory 2854544
MSA-2854544 concern improvements of cryptography and digital certificate handling in Windows. KB2813430 expand Certificate Trust List (CTL) functionality for managing private PKI environments on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
MS13-047 Cumulative Security Update for Internet Explorer
MS13-047 security update, classified as Critical, allowing remote code execution, is the fix for nineteen privately reported vulnerabilities in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10. CVE-2013-3126 (2.0 CVSS base score) and CVE-2013-3123 (9.3 CVSS base score) were discovered and privately reported by [email protected], working with HP’s Zero Day Initiative. CVE-2013-3110 (9.3 CVSS base score) was discovered and privately reported by Scott Bell of Security-Assessment.com. CVE-2013-3111 (9.3 CVSS base score) and CVE-2013-3120 (9.3 CVSS base score) were discovered and privately reported by SkyLined, working with HP’s Zero Day Initiative. CVE-2013-3112 (9.3 CVSS base score), CVE-2013-3121 (9.3 CVSS base score), CVE-2013-3122 (9.3 CVSS base score) and CVE-2013-3141 (9.3 CVSS base score) were discovered and privately reported by anonymous researcher’s, working with HP’s Zero Day Initiative. CVE-2013-3113 (9.3 CVSS base score), CVE-2013-3114 (9.3 CVSS base score), CVE-2013-3116 (9.3 CVSS base score) and CVE-2013-3117 (9.3 CVSS base score) were discovered and privately reported by Ivan Fratric and Ben Hawkes of the Google Security Team. CVE-2013-3118 (9.3 CVSS base score) and CVE-2013-3125 (9.3 CVSS base score) were discovered and privately reported by Omair, working with HP’s Zero Day Initiative. CVE-2013-3119 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative. CVE-2013-3124 (9.3 CVSS base score) and CVE-2013-3125 (9.3 CVSS base score) were discovered and privately reported by Omair, working with HP’s Zero Day Initiative, and by Amol Naik also working with HP’s Zero Day Initiative. CVE-2013-3139 (9.3 CVSS base score) was discovered and privately reported by an unknown security researcher. CVE-2013-3142 (9.3 CVSS base score) was discovered and privately reported by Toan Pham Van, working with HP’s Zero Day Initiative.
MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure
MS13-048 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability in Windows Kernel. CVE-2013-3136 (4.4 CVSS base score) was discovered and privately reported by Mateusz “j00ru” Jurczyk of Google Inc.
MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service
MS13-049 security update, classified as Important, allowing denial of service, is the fix for one privately reported vulnerability in Windows Kernel-Mode Driver. CVE-2013-3138 (7.1 CVSS base score) was discovered and privately reported by an anonymous security researcher.
MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege
MS13-050 security update, classified as Important, allowing elevation of privilege, is the fix for one privately reported vulnerability in Windows Print Spooler Components. CVE-2013-1339 (9.0 CVSS base score) was discovered and privately reported by an anonymous security researcher.
MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution
MS13-051 security update, classified as Important, allowing remote code execution, is the fix for one privately reported vulnerability in Microsoft Office. CVE-2013-1331 (9.3 CVSS base score) was discovered and privately reported by Andrew Lyons and Neel Mehta of Google Inc.