Tag Archives: MSA-2755801

Microsoft April 2013 Patch Tuesday Review

09/04/2013Vulnerability ManagementAPSB13-11, CVE-2013-0078, CVE-2013-1282, CVE-2013-1283, CVE-2013-1284, CVE-2013-1289, CVE-2013-1290, CVE-2013-1291, CVE-2013-1292, CVE-2013-1293, CVE-2013-1294, CVE-2013-1295, CVE-2013-1296, CVE-2013-1303, CVE-2013-1304, KB2813170, KB2817183, KB2820917, KB2821818, KB2823482, KB2827663, KB2828223, KB2829996, KB2830914, KB2833510, Microsoft, MS13-028, MS13-029, MS13-030, MS13-031, MS13-032, MS13-033, MS13-034, MS13-035, MS13-036, MSA-2755801wow

Microsoft has release, the 9 April 2013, during his April Patch Tuesday, one updated security advisory and nine security bulletins. On the nine security bulletins two of them have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. KB2833510 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-11.

MS13-028 – Cumulative Security Update for Internet Explorer

MS13-028 security update, classified as Critical, allowing remote code execution, is the fix for 2 privately reported vulnerabilities in Internet Explorer. CVE-2013-1303 (6.8 CVSS base score) and CVE-2013-1304 (6.8 CVSS base score) were discovered and privately reported by Ivan Fratric and Ben Hawkes of Google Security Team.

MS13-029 – Vulnerability in Remote Desktop Client Could Allow Remote Code Execution

MS13-029 security update, classified as Critical, allowing remote code execution, is the fix for 1 privately reported vulnerability in Windows Remote Desktop Client. CVE-2013-1296 (9.3 CVSS base score) was discovered and privately reported by c1d2d9acc746ae45eeb477b97fa74688, working with HP’s Zero Day Initiative.

MS13-030 – Vulnerability in SharePoint Could Allow Information Disclosure

MS13-030 security update, classified as Important, allowing information disclosure, is the fix for 1 publicly reported vulnerability in Microsoft SharePoint Server. CVE-2013-1290 (3.5 CVSS base score) was publicly disclosed.

MS13-031 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

MS13-031 security update, classified as Important, allowing elevation of privileges, is the fix for 2 privately reported vulnerabilities in Microsoft Windows. CVE-2013-1284 (4.9 CVSS base score) and CVE-2013-1294 (4.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc.

MS13-032 – Vulnerability in Active Directory Could Lead to Denial of Service

MS13-032 security update, classified as Important, allowing denial of service, is the fix for 1 privately reported vulnerability in Active Directory. CVE-2013-1282 (unknown CVSS base score) was discovered and privately reported.

MS13-033 – Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

MS13-033 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability. CVE-2013-1295 (5.0 CVSS base score) was discovered and privately reported by George Georgiev Valkov.

MS13-034 – Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege

MS13-034 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Antimalware Client. CVE-2013-0078 (7.2 CVSS base score) was discovered and privately reported.

MS13-035 – Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

MS13-035 security update, classified as Important, allowing elevation of privileges, is the fix for 1 privately reported vulnerability in the Microsoft Office. CVE-2013-1289 (4.3 CVSS base score) was discovered and privately reported by Drew Hintz of Google Security Team.

MS13-036 – Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege

MS13-036 security update, classified as Important, allowing elevation of privileges, is the fix for three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. CVE-2013-1283 (6.9 CVSS base score) and CVE-2013-1292 (6.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1293 (6.9 CVSS base score) was publicly disclosed by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1291 (7.1 CVSS base score) was discovered and privately reported by Wang Yu.

Microsoft March 2013 Patch Tuesday Review

12/03/2013Vulnerability ManagementAPSB13-09, CVE-2013-0074, CVE-2013-0079, CVE-2013-0080, CVE-2013-0083, CVE-2013-0084, CVE-2013-0085, CVE-2013-0086, CVE-2013-0087, CVE-2013-0088, CVE-2013-0089, CVE-2013-0090, CVE-2013-0091, CVE-2013-0092, CVE-2013-0093, CVE-2013-0094, CVE-2013-0095, CVE-2013-1285, CVE-2013-1286, CVE-2013-1287, CVE-2013-1288, KB2780176, KB2801261, KB2807986, KB2809289, KB2813682, KB2814124, KB2816264, KB2824670, MS13-021, MS13-022, MS13-023, MS13-024, MS13-025, MS13-026, MS13-027, MSA-2755801wow

Microsoft has release, the 12 March 2013, during his March Patch Tuesday, one updated security advisory and seven security bulletins. On the seven security bulletins four of them have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. Update KB2824670 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-09.

MS13-021 – Cumulative Security Update for Internet Explorer

MS13-021 security update, classified as Critical, allowing remote code execution, is the fix for 8 privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. CVE-2013-0087 (9.3 CVSS base score) was discovered and privately reported by Arseniy Akuney of TELUS Security Labs. CVE-2013-0088 (9.3 CVSS base score) was discovered and privately reported by an anonymous researcher, working with HP’s Zero Day Initiative. CVE-2013-0089 (9.3 CVSS base score) was discovered and privately reported by an anonymous researcher, working with HP’s Zero Day Initiative. CVE-2013-0090 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security, working with HP’s Zero Day Initiative, and SkyLined, working with HP’s Zero Day Initiative. CVE-2013-0091 (9.3 CVSS base score) was discovered and privately reported by Jose A Vazquez of Yenteasy Security Research, working with the Exodus Intelligence. CVE-2013-0092 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with HP’s Zero Day Initiative. CVE-2013-0093 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with HP’s Zero Day Initiative. CVE-2013-0094 (9.3 CVSS base score) was discovered and privately reported by Simon Zuckerbraun, working with HP’s Zero Day Initiative. CVE-2013-1288 (9.3 CVSS base score) was discovered and publicly disclosed by Gen Chen of Venustech ADLab and by Qihoo 360 Security Center.

MS13-022 – Vulnerability in Silverlight Could Allow Remote Code Execution

MS13-022 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0074 (9.3 CVSS base score) was discovered and privately reported by James Forshaw of Context Information Security.

MS13-023 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

MS13-023 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0079 (9.3 CVSS base score) was discovered and privately reported by [email protected], working with VeriSign iDefense Labs.

MS13-024 – Vulnerabilities in SharePoint Could Allow Elevation of Privilege

MS13-024 security update, classified as Critical, allowing elevation of privilege, is the fix for four privately reported vulnerabilities. CVE-2013-0080 (7.5 CVSS base score) was discovered and privately reported by Emanuel Bronshtein of BugSec. CVE-2013-0083 (4.3 CVSS base score) was discovered and privately reported by Sunil Yadav of INR Labs (Network Intelligence India). CVE-2013-0084 (7.5 CVSS base score) was discovered and privately reported by Moritz Jodeit of n.runs AG. CVE-2013-0085 (7.8 CVSS base score) was discovered and privately reported by an unknown security researcher.

MS13-025 – Vulnerability in Microsoft OneNote Could Allow Information Disclosure

MS13-025 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability. CVE-2013-0086 (5.0 CVSS base score) was discovered and reported by Christopher Gabriel of Telos Corporation.

MS13-026 – Vulnerability in Office Outlook for Mac Could Allow Information Disclosure

MS13-026 security update, classified as Important, allowing information disclosure, is the fix for one privately reported vulnerability. CVE-2013-0095 (5.0 CVSS base score) was discovered and reported by Nick Semenkovich.

MS13-027 – Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

MS13-027 security update, classified as Important, allowing elevation of privilege, is the fix for three privately reported vulnerabilities. CVE-2013-1285 (7.2 CVSS base score), CVE-2013-1286 (7.2 CVSS base score) and CVE-2013-1287 (7.2 CVSS base score) were discovered and reported by Andy Davis of NCC Group.

An interesting blog post is describing MS13-027 “Addressing an issue in the USB driver requiring physical access“. This fix look like to the Stuxnet flaw.

Microsoft February 2013 Patch Tuesday Review

13/02/2013VariousAdobe, APSB13-05, CVE-2012-3214, CVE-2012-3217, CVE-2013-0015, CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024, CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029, CVE-2013-0030, CVE-2013-0073, CVE-2013-0075, CVE-2013-0076, CVE-2013-0077, CVE-2013-0393, CVE-2013-0418, CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277, CVE-2013-1278, CVE-2013-1279, CVE-2013-1280, CVE-2013-1281, CVE-2013-1313, Flash, KB2778344, KB2780091, KB2784242, KB2790113, KB2790655, KB2790978, KB2792100, KB2797052, KB2799494, KB2800277, KB2802968, KB2805940, KB2809279, Microsoft, MS13-009, MS13-010, MS13-011, MS13-012, MS13-013, MS13-014, MS13-015, MS13-016, MS13-017, MS13-018, MS13-019, MS13-020, MSA-2755801, Oracle, Oracle Critical Patch Update January 2013wow

Microsoft has release, the 12 February 2013, during his February Patch Tuesday, one updated security advisory and twelve security bulletins. On the twelve security bulletins five of them have a Critical security rating.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. Update KB2805940 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-05.

MS13-009 – Cumulative Security Update for Internet Explorer

MS13-009 security update, classified as Critical, allowing remote code execution, is the fix for 13 reported vulnerabilities. CVE-2013-0015 (4.3 CVSS base score) was discovered and reported by Masato Kinugawa. CVE-2013-0018 (9.3 CVSS base score) and CVE-2013-0022 (9.3 CVSS base score) were discovered and privately reported by Omair. CVE-2013-0019 (9.3 CVSS base score) was discovered and privately reported by SkyLined, working with HP’s Zero Day Initiative. CVE-2013-0020 (9.3 CVSS base score) was discovered and privately reported by Arthur Gerkis, working with the Exodus Intelligence, and by Stephen Fewer of Harmony Security. CVE-2013-0021 (9.3 CVSS base score) was discovered and privately reported by Tencent PC Manager. CVE-2013-0023 (9.3 CVSS base score) was discovered and privately reported by Arthur Gerkis, working with HP’s Zero Day Initiative. CVE-2013-0024 (9.3 CVSS base score) was discovered and privately reported by an anonymous researcher, working with HP’s Zero Day Initiative. CVE-2013-0025 (9.3 CVSS base score) and CVE-2013-0028 (9.3 CVSS base score) were discovered and privately reported by Scott Bell of Security-Assessment.com. CVE-2013-0026 (9.3 CVSS base score) was discovered and privately reported by Jose A Vazquez of Yenteasy Security Research, working with the Exodus Intelligence. CVE-2013-0027 (9.3 CVSS base score) was discovered and privately reported by Mark Yason of IBM X-Force. CVE-2013-0029 (9.3 CVSS base score) was discovered and privately reported by Stephen Fewer of Harmony Security and [email protected], working with HP’s Zero Day Initiative.

MS13-010 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution

MS13-010 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0030 (9.3 CVSS base score) was discovered and privately reported by an unknown security researcher.

MS13-011 – Vulnerability in Media Decompression Could Allow Remote Code Execution

MS13-011 security update, classified as Critical, allowing remote code execution, is the fix for one publicly reported vulnerability. CVE-2013-0077 (9.3 CVSS base score) was discovered and reported by Tencent Security Team.

MS13-012 – Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

MS13-012 security update, classified as Critical, allowing remote code execution, is the fix for two publicly reported vulnerability linked to Oracle Outside In vulnerabilities fixed during January 2013 Critical Patch Update. These vulnerabilities are CVE-2013-0418 (6.8 CVSS base score) and CVE-2013-0393 (6.8 CVSS base score).

MS13-020 – Vulnerability in OLE Automation Could Allow Remote Code Execution

MS13-020 security update, classified as Critical, allowing remote code execution, is the fix for one publicly reported vulnerability. CVE-2013-1313 (9.3 CVSS base score) was discovered and reported by an anonymous researcher, working with HP’s Zero Day Initiative.

MS13-013 – Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

MS13-013 security update, classified as Important, allowing remote code execution, is the fix for two publicly reported vulnerability linked to Oracle Outside In vulnerabilities fixed during January 2013 Critical Patch Update. These vulnerabilities are CVE-2012-3214 (2.1 CVSS base score) and CVE-2012-3217 (2.1 CVSS base score).

MS13-014 – Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

MS13-014 security update, classified as Important, allowing denial of service, is the fix for one privately reported vulnerability. CVE-2013-1281 (7.1 CVSS base score) was discovered and privately reported by an anonymous researcher.

MS13-015 – Vulnerability in .NET Framework Could Allow Elevation of Privilege

MS13-015 security update, classified as Important, allowing elevation of privileges, is the fix for one privately reported vulnerability. CVE-2013-0073 (10.0 CVSS base score) was discovered and privately reported by James Forshaw of Context Information Security.

MS13-016 – Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

MS13-016 security update, classified as Important, allowing elevation of privileges, is the fix for 30 privately reported vulnerability. CVE-2013-1248 (4.9 CVSS base score) and CVE-2013-1249 (4.9 CVSS base score) were discovered and privately reported by Mateusz “j00ru” Jurczyk of Google Inc, and Tencent Security Team. CVE-2013-1251 (4.9 CVSS base score), CVE-2013-1252 (4.9 CVSS base score) and CVE-2013-1253 (4.9 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1250 (4.9 CVSS base score), CVE-2013-1254 (4.9 CVSS base score), CVE-2013-1255 (4.9 CVSS base score), CVE-2013-1256 (4.9 CVSS base score), CVE-2013-1257 (4.9 CVSS base score), CVE-2013-1258 (4.9 CVSS base score), CVE-2013-1259 (4.9 CVSS base score), CVE-2013-1260 (4.9 CVSS base score), CVE-2013-1261 (4.9 CVSS base score), CVE-2013-1262 (4.9 CVSS base score), CVE-2013-1263 (4.9 CVSS base score), CVE-2013-1264 (4.9 CVSS base score), CVE-2013-1265 (4.9 CVSS base score), CVE-2013-1266 (4.9 CVSS base score), CVE-2013-1267 (4.9 CVSS base score), CVE-2013-1268 (4.9 CVSS base score), CVE-2013-1269 (4.9 CVSS base score), CVE-2013-1270 (4.9 CVSS base score), CVE-2013-1271 (4.9 CVSS base score), CVE-2013-1272 (4.9 CVSS base score), CVE-2013-1273 (4.9 CVSS base score), CVE-2013-1274 (4.9 CVSS base score), CVE-2013-1275 (4.9 CVSS base score), CVE-2013-1276 (4.9 CVSS base score) and CVE-2013-1277 (4.9 CVSS base score) were discovered and privately reported by Mateusz “j00ru” Jurczyk of Google Inc.

MS13-017 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

MS13-017 security update, classified as Important, allowing elevation of privileges, is the fix for three privately reported vulnerability. CVE-2013-1278 (7.2 CVSS base score) and CVE-2013-1279 (7.2 CVSS base score) were discovered and privately reported by Gynvael Coldwind and Mateusz “j00ru” Jurczyk of Google Inc. CVE-2013-1280 (7.2 CVSS base score) was discovered and privately reported by an unknown security researcher.

MS13-018 – Vulnerability in TCP/IP Could Allow Denial of Service

MS13-018 security update, classified as Important, allowing denial of service, is the fix for a privately reported vulnerability. CVE-2013-0075 (7.1 CVSS base score) was discovered and privately reported by an unknown security researcher.

MS13-019 – Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

MS13-019 security update, classified as Important, allowing elevation of privileges, is the fix for a publicly reported vulnerability. CVE-2013-0076 (7.2 CVSS base score) was discovered and privately reported by Max DeLiso.

Microsoft January 2013 Patch Tuesday Review

09/01/2013Vulnerability ManagementAdobe, APSB13-01, CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004, CVE-2013-0005, CVE-2013-0006, CVE-2013-0007, CVE-2013-0008, CVE-2013-0009, CVE-2013-0010, CVE-2013-0011, CVE-2013-0013, Flash, KB2796096, Microsoft, MS13-001, MS13-002, MS13-003, MS13-004, MS13-005, MS13-006, MS13-007, MSA-2755801, MSA-973811wow

Microsoft has release, the 8 January 2013, during his January Patch Tuesday, two updated security advisories and seven security bulletins. On the seven security bulletins two of them has a Critical security rating.

Microsoft Security Advisory 973811

MSA-973811,released during August 2009, has been updated. The security advisory is regarding updates for Extended Protection for Authentication. Update v1.14 will provide more informations in the FAQ and Suggested Actions with information about attacks against NTLMv1 and LAN Manager network authentication. Applying Microsoft “Fix it“, for Windows XP or Windows Server 2003, enables NTLMv2 settings in order to take advantage of Extended Protection for Authentication.

Microsoft Security Advisory 2755801

MSA-2755801,released during September 2012, has been updated. The security advisory is regarding updates for vulnerabilities in Adobe Flash Player in Internet Explorer 10. Update KB2796096 has been released for supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-01.

MS13-001 – Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution

MS13-001 security update, classified as Critical, allowing remote code execution, is the fix for one privately reported vulnerability. CVE-2013-0011 has a 10.0 CVSS base score and was discovered and privately reported by un unknown security researcher.

Affected software are:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

MS13-002 – Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

MS13-002 security update, classified as Critical, allowing remote code execution, is fixing two privately reported vulnerabilities. CVE-2013-0006 has a 9.3 CVSS base score and was discovered and privately reported by an unknown security researcher. CVE-2013-0007 has a 9.3 CVSS base score and was discovered and privately reported by Nicolas Gregoire of Agarri, working with VeriSign iDefense Labs.

Affected softwares are:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege

MS13-003 security update, classified as Important, allowing elevation of privilege, is fixing two privately reported vulnerabilities. CVE-2013-0009 has a 4.3 CVSS base score and was discovered and privately reported by an anonymous security researcher. CVE-2013-0010 has a 4.3 CVSS base score and was discovered and privately reported by Andy Yang of Stratsec.

Affected softwares are:

Microsoft System Center Operations Manager 2007 Service Pack 1
Microsoft System Center Operations Manager 2007 R2

MS13-004 – Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

MS13-004 security update, classified as Important, allowing elevation of privilege, is fixing four privately reported vulnerabilities. CVE-2013-0001 has a 7.1 CVSS base score and was discovered and privately reported by Jon Erickson of iSIGHT Partners Global Vulnerability Partnership. CVE-2013-0002 has a 9.3 CVSS base score and was discovered and privately reported by Vitaliy Toropov, working with Tipping Point’s Zero Day Initiative. CVE-2013-0003 has a 9.3 CVSS base score and was discovered and privately reported by Vitaliy Toropov, working with Tipping Point’s Zero Day Initiative. CVE-2013-0004 has a 9.3 CVSS base score and was discovered and privately reported by James Forshaw of Context Information Security.

Affected softwares are:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

MS13-005 – Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

MS13-005 security update, classified as Important, allowing elevation of privilege, is fixing one privately reported vulnerability. CVE-2013-0008 has a 6.9 CVSS base score and was discovered and privately reported by an unknown security researcher.

Affected softwares are:

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

MS13-006 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass

MS13-006 security update, classified as Important, allowing security feature bypass, is fixing one privately reported vulnerability. CVE-2013-0013 has a 5.8 CVSS base score and was discovered and privately reported by Kenichiro Katayama.

Affected softwares are:

Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT

MS13-007- Vulnerability in Open Data Protocol Could Allow Denial of Service

MS13-007 security update, classified as Important, allowing denial of service, is fixing one privately reported vulnerability. CVE-2013-0005 has a 7.8 CVSS base score and was discovered and privately reported by an anonymous security researcher.

Affected softwares are:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012