Tag Archives: MSA-2755801

MSA-2755801 Microsoft Emergency Patch For Flash Player 0day

On December 29th 2015, Microsoft released an emergency patch, together with the update of one security advisory concerning Adobe Flash Player.

Microsoft Security Advisory 2755801

MSA-2755801, released during September 2012, has been updated. The security advisory concerns updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge. KB3132372 has been released for supported editions of:

  • Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT;
  • Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10;
  • Microsoft Edge on Windows 10.

The update addresses the vulnerabilities and the Adobe Flash Player 0day (CVE-2015-8651) described in Adobe Security bulletin APSB16-01.

Application of KB3132372 could lead to limited application crashes on Windows 10.

Microsoft December 2015 Patch Tuesday Review

On December 8th 2015, during its December 2015 Patch Tuesday, Microsoft released two updated security advisories, one new security advisory and twelve security bulletins. Of the twelve security bulletins, eight have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801, released during September 2012, has been updated. The security advisory concerns updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge. KB3119147 has been released for supported editions of:

  • Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT;
  • Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10;
  • Microsoft Edge on Windows 10.

The update addresses the vulnerabilities described in Adobe Security bulletin APSB15-32.

Microsoft Security Advisory 3057154

MSA-3057154, released during July 2015, has been updated. The security advisory concerns hardening scenarios in which Data Encryption Standard (DES) encryption keys are used with accounts, to ensure that domain users, services, and computers that support other encryption types are not vulnerable to credential theft or elevation of privilege attacks. KB3057154 has been released for:

  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 R2 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 R2 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8 for x64-based Systems
  • Windows 8.1 for 32-bit Systems
  • Windows 8.1 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)

Microsoft Security Advisory 3123040

MSA-3123040 concerns an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed. The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. KB2677070 has been released for:

  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8 for x64-based Systems
  • Windows 8.1 for 32-bit Systems
  • Windows 8.1 for x64-based Systems
  • Windows RT
  • Windows RT 8.1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 10
  • Windows 10 Version 1511
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 R2 for x64-based Systems (Server Core installation)
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Phone 8
  • Windows Phone 8.1
  • Windows 10 Mobile

MS15-124 Cumulative Security Update for Internet Explorer

MS15-124 security update, classified as Critical, allowing remote code execution, is the fix for 30 privately reported vulnerabilities in Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. KB3116180 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6083 | 9.3 | No | No | Hui Gao of Palo Alto Networks |
| CVE-2015-6134 | 9.3 | No | No | SkyLined, working with HP’s Zero Day Initiative |
| CVE-2015-6135 | 5.0 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
| CVE-2015-6136 | 9.3 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative; An anonymous researcher, working with HP’s Zero Day Initiative; Yuki Chen of Qihoo 360Vulcan Team |
| CVE-2015-6138 | 4.3 | No | No | None |
| CVE-2015-6139 | 9.3 | No | No | Michal Bentkowski |
| CVE-2015-6140 | 9.3 | No | No | Bo Qu of Palo Alto Networks |
| CVE-2015-6141 | 9.3 | No | No | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
| CVE-2015-6142 | 9.3 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
| CVE-2015-6143 | 9.3 | No | No | None |
| CVE-2015-6144 | 4.3 | No | No | Masato Kinugawa |
| CVE-2015-6145 | 9.3 | No | No | Cong Zhang and Yi Jiang, working with Beijing VRV Software Co., LTD. |
| CVE-2015-6146 | 9.3 | No | No | Bo Qu of Palo Alto Networks |
| CVE-2015-6147 | 9.3 | No | No | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
| CVE-2015-6148 | 9.3 | No | No | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative |
| CVE-2015-6149 | 9.3 | No | No | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
| CVE-2015-6150 | 9.3 | No | No | B6BEB4D5E828CF0CCB47BB24AAC22515, working with HP’s Zero Day Initiative |
| CVE-2015-6151 | 9.3 | No | No | Li Kemeng of Baidu Security Team (x-Team), working with HP’s Zero Day Initiative |
| CVE-2015-6152 | 9.3 | No | No | Moritz Jodeit of Blue Frost Security |
| CVE-2015-6153 | 9.3 | No | No | Shi Ji (@Puzzor) |
| CVE-2015-6154 | 9.3 | No | No | ChenDong Li and YunZe Ni of Tencent |
| CVE-2015-6155 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
| CVE-2015-6156 | 9.3 | No | No | Anonymous contributor, working with VeriSign iDefense Labs |
| CVE-2015-6157 | 4.3 | No | No | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
| CVE-2015-6158 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
| CVE-2015-6159 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam |
| CVE-2015-6160 | 9.3 | No | No | Garage4Hackers, working with HP’s Zero Day Initiative |
| CVE-2015-6161 | 4.3 | No | No | Rh0 |
| CVE-2015-6162 | 9.3 | No | No | Wenxiang Qian of TencentQQBrowser |
| CVE-2015-6164 | 6.8 | No | No | None |

MS15-125 Cumulative Security Update for Microsoft Edge

MS15-125 security update, classified as Critical, allowing remote code execution, is the fix for 15 privately reported vulnerabilities in Microsoft Edge on Windows 10. KB3116184 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6139 | 9.3 | No | No | Michal Bentkowski |
| CVE-2015-6140 | 9.3 | No | No | Bo Qu of Palo Alto Networks |
| CVE-2015-6142 | 9.3 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
| CVE-2015-6148 | 9.3 | No | No | A3F2160DCA1BDE70DA1D99ED267D5DC1EC336192, working with HP’s Zero Day Initiative |
| CVE-2015-6151 | 9.3 | No | No | Li Kemeng of Baidu Security Team (x-Team), working with HP’s Zero Day Initiative |
| CVE-2015-6153 | 9.3 | No | No | Shi Ji (@Puzzor) |
| CVE-2015-6154 | 9.3 | No | No | ChenDong Li and YunZe Ni of Tencent |
| CVE-2015-6155 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
| CVE-2015-6158 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam, working with VeriSign iDefense Labs |
| CVE-2015-6159 | 9.3 | No | No | Zheng Huang of the Baidu Scloud XTeam |
| CVE-2015-6161 | 4.3 | No | No | Rh0 |
| CVE-2015-6168 | 9.3 | No | No | SkyLined, working with HP’s Zero Day Initiative |
| CVE-2015-6169 | 4.3 | No | No | None |
| CVE-2015-6170 | 6.8 | No | No | Mario Heiderich of Cure53 |
| CVE-2015-6176 | 4.3 | No | No | Masato Kinugawa |

MS15-126 Cumulative Security Update for JScript and VBScript

MS15-126 security update, classified as Critical, allowing remote code execution, is the fix for 2 privately reported vulnerabilities in VBScript scripting engine in Microsoft Windows. KB3116178 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6135 | 5.0 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative |
| CVE-2015-6136 | 9.3 | No | No | Simon Zuckerbraun, working with HP’s Zero Day Initiative; An anonymous researcher, working with HP’s Zero Day Initiative; Yuki Chen of Qihoo 360Vulcan Team |

MS15-127 Security Update for Microsoft Windows DNS

MS15-127 security update, classified as Critical, allowing remote code execution, is the fix for 1 privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server. KB3100465 has been released to fix the vulnerability below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6125 | 9.3 | No | No | None |

MS15-128 Security Update for Microsoft Graphics Component

MS15-128 security update, classified as Critical, allowing remote code execution, is the fix for 3 privately reported vulnerabilities in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync, and Silverlight. The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts. KB3104503 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6106 | 9.3 | No | No | Steven Vittitoe of Google Project Zero |
| CVE-2015-6107 | 9.3 | No | No | Steven Vittitoe of Google Project Zero |
| CVE-2015-6108 | 9.3 | No | No | None |

MS15-129 Security Update for Silverlight

MS15-129 security update, classified as Critical, allowing remote code execution, is the fix for 3 privately reported vulnerabilities in Microsoft Silverlight. KB3106614 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6114 | 4.3 | Yes | Yes | None |
| CVE-2015-6165 | 4.3 | No | No | Marcin 'Icewall' Noga of Cisco Talos |
| CVE-2015-6166 | 9.3 | No | No | None |

CVE-2015-6114 vulnerability details have been disclosed publicly by @_Icewall from Cisco Talos vulndev team.

MS15-130 Security Update for Microsoft Uniscribe

MS15-130 security update, classified as Critical, allowing remote code execution, is the fix for 1 privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains specially crafted fonts. KB3108670 has been released to fix the vulnerability below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6130 | 9.3 | No | No | Hossein Lotfi, Secunia Research (now part of Flexera Software) |

MS15-131 Security Update for Microsoft Office

MS15-131 security update, classified as Critical, allowing remote code execution, is the fix for 6 privately reported vulnerabilities in Microsoft Windows. It is interesting to see that CVE-2015-6124 was privately reported but has been seen exploited in the wild. KB3116111 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6040 | 9.3 | No | No | Steven Vittitoe of Google Project Zero |
| CVE-2015-6118 | 9.3 | No | No | Kai Lu of Fortinet's FortiGuard Labs |
| CVE-2015-6122 | 9.3 | No | No | Steven Vittitoe of Google Project Zero |
| CVE-2015-6124 | 9.3 | No | Yes | None |
| CVE-2015-6172 | 9.3 | No | No | Haifei Li of Intel Security IPS Research Team |
| CVE-2015-6177 | 9.3 | No | No | Kai Lu of Fortinet's FortiGuard Labs |

MS15-132 Security Update for Microsoft Windows

MS15-132 security update, classified as Important, allowing remote code execution, is the fix for 3 privately reported vulnerabilities in Microsoft Windows. KB3116162 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6128 | 7.2 | Yes | Yes | Steven Vittitoe of Google Project Zero; Parvez Anwar |
| CVE-2015-6132 | 7.2 | No | No | None |
| CVE-2015-6133 | 7.2 | No | No | None |

CVE-2015-6128 vulnerability details have been disclosed publicly with a proof of concept.

MS15-133 Security Update for Windows PGM

MS15-133 security update, classified as Important, allowing elevation of privilege, is the fix for 1 privately reported vulnerability in Microsoft Windows. KB3116130 has been released to fix the vulnerability below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6126 | 7.2 | No | No | None |

MS15-134 Security Update for Windows Media Center

MS15-134 security update, classified as Important, allowing remote code execution, is the fix for 2 privately reported vulnerabilities in Microsoft Windows. KB3108669 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6127 | 4.3 | Yes | Yes | Francisco Falcon of Core Security |
| CVE-2015-6131 | 9.3 | Yes | Yes | Zhang YunHai of NSFOCUS Security Team |

CVE-2015-6127 vulnerability details have been disclosed publicly with a proof of concept.

CVE-2015-6131 vulnerability details have been disclosed publicly with a proof of concept.

MS15-135 Security Update for Windows Kernel-Mode Drivers

MS15-135 security update, classified as Important, allowing elevation of privilege, is the fix for 4 privately reported vulnerabilities in Microsoft Windows. It is interesting to see that CVE-2015-6175 has been publicly reported and also seen exploited in the wild. KB3119075 has been released to fix the vulnerabilities below:

| CVE | CVSS score | Disclosed | Exploited | Credit |
|---|---|---|---|---|
| CVE-2015-6171 | 7.2 | No | No | Nils Sommer of bytegeist, working with Google Project Zero |
| CVE-2015-6173 | 7.2 | No | No | Nils Sommer of bytegeist, working with Google Project Zero |
| CVE-2015-6174 | 7.2 | No | No | Nils Sommer of bytegeist, working with Google Project Zero |
| CVE-2015-6175 | 7.2 | Yes | Yes | None |

Microsoft June 2013 Patch Tuesday Review

On June 11th 2013, during its June Patch Tuesday, Microsoft released one updated security advisory, one new security advisory and five security bulletins. Of the five security bulletins, one has a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801, released during September 2012, has been updated. The security advisory concerns updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2847928 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-16.

Microsoft Security Advisory 2854544

MSA-2854544 concerns improvements to cryptography and digital certificate handling in Windows. KB2813430 expands Certificate Trust List (CTL) functionality for managing private PKI environments on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

MS13-047 Cumulative Security Update for Internet Explorer

MS13-047 security update, classified as Critical, allowing remote code execution, is the fix for nineteen privately reported vulnerabilities in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10. CVE-2013-3126 (2.0 CVSS base score) and CVE-2013-3123 (9.3 CVSS base score) were discovered and privately reported by [email protected], working with HP’s Zero Day Initiative. CVE-2013-3110 (9.3 CVSS base score) was discovered and privately reported by Scott Bell of Security-Assessment.com. CVE-2013-3111 (9.3 CVSS base score) and CVE-2013-3120 (9.3 CVSS base score) were discovered and privately reported by SkyLined, working with HP’s Zero Day Initiative. CVE-2013-3112 (9.3 CVSS base score), CVE-2013-3121 (9.3 CVSS base score), CVE-2013-3122 (9.3 CVSS base score) and CVE-2013-3141 (9.3 CVSS base score) were discovered and privately reported by anonymous researchers, working with HP’s Zero Day Initiative. CVE-2013-3113 (9.3 CVSS base score), CVE-2013-3114 (9.3 CVSS base score), CVE-2013-3116 (9.3 CVSS base score) and CVE-2013-3117 (9.3 CVSS base score) were discovered and privately reported by Ivan Fratric and Ben Hawkes of the Google Security Team. CVE-2013-3118 (9.3 CVSS base score) and CVE-2013-3125 (9.3 CVSS base score) were discovered and privately reported by Omair, working with HP’s Zero Day Initiative. CVE-2013-3119 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative. CVE-2013-3124 (9.3 CVSS base score) and CVE-2013-3125 (9.3 CVSS base score) were discovered and privately reported by Omair, working with HP’s Zero Day Initiative, and by Amol Naik also working with HP’s Zero Day Initiative. CVE-2013-3139 (9.3 CVSS base score) was discovered and privately reported by an unknown security researcher. CVE-2013-3142 (9.3 CVSS base score) was discovered and privately reported by Toan Pham Van, working with HP’s Zero Day Initiative.

MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure

MS13-048 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability in Windows Kernel. CVE-2013-3136 (4.4 CVSS base score) was discovered and privately reported by Mateusz “j00ru” Jurczyk of Google Inc.

MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service

MS13-049 security update, classified as Important, allowing denial of service, is the fix for one privately reported vulnerability in Windows Kernel-Mode Driver. CVE-2013-3138 (7.1 CVSS base score) was discovered and privately reported by an anonymous security researcher.

MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege

MS13-050 security update, classified as Important, allowing elevation of privilege, is the fix for one privately reported vulnerability in Windows Print Spooler Components. CVE-2013-1339 (9.0 CVSS base score) was discovered and privately reported by an anonymous security researcher.

MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution

MS13-051 security update, classified as Important, allowing remote code execution, is the fix for one privately reported vulnerability in Microsoft Office. CVE-2013-1331 (9.3 CVSS base score) was discovered and privately reported by Andrew Lyons and Neel Mehta of Google Inc.

Microsoft May 2013 Patch Tuesday Review

On May 14th 2013, during its May Patch Tuesday, Microsoft released two updated security advisories, two new security advisories and ten security bulletins. Of the ten security bulletins, two have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801, released during September 2012, has been updated. The security advisory concerns updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2840613 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14.

Microsoft Security Advisory 2820197

MSA-2820197 update includes kill bits to prevent Honeywell Enterprise Buildings Integrator and SymmetrE and ComfortPoint Open Manager ActiveX controls from being run in Internet Explorer.

Microsoft Security Advisory 2846338

MSA-2846338 concerns a privately reported security vulnerability, CVE-2013-1303 (9.3 CVSS base score), in Microsoft Malware Protection Engine that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. This vulnerability has been publicly disclosed as a denial of service. Only x64-based versions of the Malware Protection Engine are affected.

Microsoft Security Advisory 2847140

MSA-2847140, released May 3rd 2013, has been updated. The security advisory concerns the Microsoft Internet Explorer 8 remote code execution vulnerability (CVE-2013-1347) used in targeted attacks against United States Department of Labor (DOL) Site Exposure Matrices (SEM) and other websites. Microsoft has issued MS13-038 to address the vulnerability.

MS13-037 Cumulative Security Update for Internet Explorer

MS13-037 security update, classified as Critical, allowing remote code execution, is the fix for 11 privately reported vulnerabilities in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10. CVE-2013-1297 (4.3 CVSS base score) was discovered and privately reported by Yosuke Hasegawa. CVE-2013-0811 (9.3 CVSS base score) was discovered and privately reported by Jose Antonio Vazquez Gonzalez, working with VeriSign iDefense Labs. CVE-2013-1306 (9.3 CVSS base score) and CVE-2013-1309 (9.3 CVSS base score) were discovered and privately reported by SkyLined, working with HP’s Zero Day Initiative. CVE-2013-1307 (9.3 CVSS base score) was discovered and privately reported by Ivan Fratric of the Google Security Team. CVE-2013-1308 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with HP’s Zero Day Initiative. CVE-2013-1310 (9.3 CVSS base score) was discovered and privately reported by Yuhong Bao. CVE-2013-1311 (9.3 CVSS base score) was discovered and privately reported by Scott Bell of Security-Assessment.com. CVE-2013-1312 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security. CVE-2013-1313 (9.3 CVSS base score) was discovered and privately reported by VUPEN Security (Pwn2Own 2013), working with HP’s Zero Day Initiative.

MS13-038 Security Update for Internet Explorer

MS13-038 security update, classified as Critical, allowing remote code execution, is the fix for one publicly disclosed vulnerability in Internet Explorer 8. CVE-2013-1347 (9.3 CVSS base score) was discovered exploited in the wild in targeted attacks.

MS13-039 Vulnerability in HTTP.sys Could Allow Denial of Service

MS13-039 security update, classified as Important, allowing denial of service, is the fix for one privately reported vulnerability in Microsoft Windows. CVE-2013-1305 (5.0 CVSS base score) was discovered and privately reported by Marek Kroemeke, 22733db72ab3ed94b5f8a1ffcde850251fe6f466, AKAT-1, working with HP’s Zero Day Initiative.

MS13-040 Vulnerabilities in .NET Framework Could Allow Spoofing

MS13-040 security update, classified as Important, allowing spoofing, is the fix for one privately reported vulnerability and one publicly disclosed vulnerability in .NET Framework. CVE-2013-1336 (5.0 CVSS base score) was discovered and privately reported by James Forshaw of Context Information Security. CVE-2013-1337 (7.5 CVSS base score) was publicly disclosed.

MS13-041 Vulnerability in Lync Could Allow Remote Code Execution

MS13-041 security update, classified as Important, allowing remote code execution, is the fix for one privately reported vulnerability in Microsoft Lync. CVE-2013-1302 (9.3 CVSS base score) was discovered and privately reported.

MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution

MS13-042 security update, classified as Important, allowing remote code execution, is the fix for 11 privately reported vulnerabilities in Microsoft Office. CVE-2013-1316 (9.3 CVSS base score), CVE-2013-1317 (9.3 CVSS base score), CVE-2013-1318 (10.0 CVSS base score), CVE-2013-1319 (10.0 CVSS base score), CVE-2013-1320 (10.0 CVSS base score), CVE-2013-1321 (9.3 CVSS base score), CVE-2013-1322 (10.0 CVSS base score), CVE-2013-1323 (9.3 CVSS base score), CVE-2013-1327 (9.3 CVSS base score), CVE-2013-1328 (9.3 CVSS base score) and CVE-2013-1329 (9.3 CVSS base score) were discovered and privately reported by Will Dormann of the CERT/CC.

MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution

MS13-043 security update, classified as Important, allowing remote code execution, is the fix for one privately reported vulnerability in Microsoft Office. CVE-2013-1335 (9.3 CVSS base score) was discovered and privately reported by Will Dormann of the CERT/CC.

MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure

MS13-044 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability in Microsoft Office. CVE-2013-1301 (4.3 CVSS base score) was discovered and privately reported by Timur Yunusov of Positive Technologies.

MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure

MS13-045 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability in Windows Essentials. CVE-2013-0096 (6.8 CVSS base score) was discovered and privately reported by Andrea Micalizzi, working with Beyond Security’s SecuriTeam Secure Disclosure team.

MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

MS13-046 security update, classified as Important, allowing elevation of privilege, is the fix for three privately reported vulnerabilities in Microsoft Windows. CVE-2013-1332 (7.2 CVSS base score) was discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1333 (7.2 CVSS base score) was discovered and privately reported by Qihoo 360 Security Center. CVE-2013-1334 (7.2 CVSS base score) was discovered and privately reported by an anonymous researcher, working with the iDefense VCP.