Microsoft Patch Tuesday – February 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins covering a total of 57 vulnerabilities. Eighteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Feb

The following is a breakdown of the issues being addressed this month:

  1. MS13-009 Cumulative Security Update for Internet Explorer

    Shift JIS Character Encoding Vulnerability (CVE-2013-0015) MS Rating: Critical

    An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access to information in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow for an information disclosure if a user viewed the webpage.

    Internet Explorer SetCapture Use After Free Vulnerability (CVE-2013-0018) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer COmWindowProxy Use After Free Vulnerability (CVE-2013-0019) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CMarkup Use After Free Vulnerability (CVE-2013-0020) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer vtable Use After Free Vulnerability (CVE-2013-0021) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer LsGetTrailInfo Use After Free Vulnerability (CVE-2013-0022) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CDispNode Use After Free Vulnerability (CVE-2013-0023) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer pasteHTML Use After Free Vulnerability (CVE-2013-0024) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer SLayoutRun Use After Free Vulnerability (CVE-2013-0025) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer InsertElement Use After Free Vulnerability (CVE-2013-0026) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CPasteCommand Use After Free Vulnerability (CVE-2013-0027) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CObjectElement Use After Free Vulnerability (CVE-2013-0028) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CHTML Use After Free Vulnerability (CVE-2013-0029) MS Rating: Critical

    Remote code execution vulnerabilities exist in the way that Internet Explorer accesses an object in memory that has been deleted. These vulnerabilities may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-010 Vulnerability in Vector Markup Language Could Allow Remote Code Execution

    VML Memory Corruption Vulnerability (CVE-2013-0030) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution.

  3. MS13-011 Vulnerability in Media Decompression Could Allow Remote Code Execution

    Media Decompression Vulnerability (CVE-2013-0077) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Windows handles media content. The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as .MPG) or receives specially crafted streaming content.

  4. MS13-012 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-0393) MS Rating: Important

    A vulnerability exists in Microsoft Exchange Server through the WebReady Document Viewing feature. The vulnerability could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file through Outlook Web Access in a browser.

    Oracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-0418) MS Rating: Critical

    A vulnerability exists in Microsoft Exchange Server through the WebReady Document Viewing feature. The vulnerability could allow remote code execution as the LocalService account if a user views a specially crafted file through Outlook Web Access in a browser.

  5. MS13-013 Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution

    Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3214) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint with the Advanced Filter Pack enabled. An attacker who succesfully exploited these vulnerabilities could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

    Oracle Outside In contains multiple exploitable vulnerabilities (CVE-2012-3217) MS Rating: Important

    Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint with the Advanced Filter Pack enabled. An attacker who succesfully exploited these vulnerabilities could run arbitrary code in the context of a user account with a restricted token. By default, Advanced Filter Pack in FAST is disabled.

  6. MS13-014 Vulnerability in NFS Server Could Allow Denial of Service

    NULL Dereference Vulnerability (CVE-2013-1281) MS Rating: Important

    A denial of service vulnerability exists when the Windows NFS server fails to properly handle a file operation on a read-only share. An attacker who successfully exploited this vulnerability could cause the affected system to stop responding and restart.

  7. MS13-015 Vulnerability in .NET Framework Could Allow Elevation of Privilege

    WinForms Callback Elevation Vulnerability (CVE-2013-0073) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the .NET Framework elevates the permissions of a callback function when a particular Windows Forms object is created. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

  8. MS13-016 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege

    Win32k Race Condition Vulnerabilities (CVE-2013-1248) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1249) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1250) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1251) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1252) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1253) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1254) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1255) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1256) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1257) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1258) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1259) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1260) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1261) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1262) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1263) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1264) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1265) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1266) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1267) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1268) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1269) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1270) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1271) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1272) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1273) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1274) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1275) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1276) MS Rating: Critical

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerabilities (CVE-2013-1277) MS Rating: Important

    Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges and read arbitrary amounts of kernel memory.

  9. MS13-017 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

    Windows Kernel Reference Count Vulnerability (CVE-2013-1280) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Kernel Race Condition Vulnerability (CVE-2013-1278) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Kernel Race Condition Vulnerability (CVE-2013-1279) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  10. MS13-018 Vulnerability in TCP/IP Could Allow Denial of Service

    TCP FIN WAIT Vulnerability (CVE-2013-0075) MS Rating: Important

    A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding and automatically restart. The vulnerability is caused when the TCP/IP stack improperly handles a connection termination sequence.

  11. MS13-019 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege

    Reference Count Vulnerability (CVE-2013-0076) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system.

  12. MS13-020 Vulnerability in OLE Automation Could Allow Remote Code Execution

    OLE Automation Remote Code Execution Vulnerability (CVE-2013-1313) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Object Linking and Embedding (OLE) Automation allocates memory. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.