Microsoft Security Bulletins for February 2013

by Carol~ Moderator - 2/12/13 11:04 AM

Microsoft Security Bulletin Summary for February 2013

Published : February 12, 2013

Microsoft released 12 new security updates today, as part of their routine monthly security update cycle. As indicated below, Five (5) are identified as Critical and Seven (7) as Important.

The February bulletins address 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework..

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 5

MS13-009 - Cumulative Security Update for Internet Explorer (2792100)
MS13-010 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
MS13-011 - Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
MS13-012 - Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
MS13-020 - Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)

Important: 7

MS13-013 - Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
MS13-014 - Vulnerability in NFS Server Could Allow Denial of Service (2790978)
MS13-015 - Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
MS13-016 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
MS13-017 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
MS13-018 - Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
MS13-019 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)

Security Bulletin : http://technet.microsoft.com/en-us/security/bulletin/ms13-feb

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

For those who need to prioritize deployment, Microsoft recommends focusing on MS13-009, MS13-010 and MS13-020 first:

MS13-009 (Microsoft Internet Explorer)

This security update resolves thirteen issues in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current owner. The issues were privately disclosed and we have not detected any attacks or customer impact.

MS13-010 (Vector Markup Language)

This security update resolves an issue in the Microsoft implementation of Vector Markup Language (VML). The vulnerability could allow remote code execution if a user viewed a specially crafted webpage using Internet Explorer. This issue was privately reported and we have not detected any attacks or customer impact.

MS13-020 (Microsoft Windows)

This security update resolves an issue in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same rights as the current owner. This issue was privately reported and we have not detected any attacks or customer impact.

See: Baseball, Bulletins and the February 2013 Release