Microsoft Security Bulletin: March 2013 Release


This month is pretty busy in the updates arena, so make sure you check out the details below. There is also an update for IE 10 to fully support Flash, as reported on the IE blog earlier this week, and if you have a Surface RT device there is another firmware update as well.

MS13-021 - Cumulative Security Update for Internet Explorer (2809289)

This security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating - Critical
Vulnerability Impact - Remote Code Execution
Restart Requirement - Requires restart
Affected Software - Microsoft Windows, Internet Explorer

MS13-022 - Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)

This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.

Maximum Severity Rating - Critical
Vulnerability Impact - Remote Code Execution
Restart Requirement - Requires restart
Affected Software - Microsoft Silverlight

MS13-023 - Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Maximum Severity Rating - Critical
Vulnerability Impact - Remote Code Execution
Restart Requirement - Requires restart
Affected Software - Microsoft Office

MS13-024 - Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)

This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Maximum Severity Rating - Critical
Vulnerability Impact - Remote Code Execution
Restart Requirement - Requires restart
Affected Software - Microsoft Office, Microsoft Server Software

MS13-025 - Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)

This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.

Maximum Severity Rating - Important
Vulnerability Impact - Information Disclosure
Restart Requirement - May require restart
Affected Software - Microsoft Office

MS13-026 - Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)

This security update resolves one privately reported vulnerability in Microsoft Office for Mac. The vulnerability could allow information disclosure if a user opens a specially crafted email message.

Maximum Severity Rating - Important
Vulnerability Impact - Information Disclosure
Restart Requirement - Does not require restart
Affected Software - Microsoft Office

MS13-027 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)

This security update resolves three privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.

Maximum Severity Rating - Important
Vulnerability Impact - Elevation of Privilege
Restart Requirement - Requires restart
Affected Software - Microsoft Windows

Get Patching!

Jeffa
