Microsoft Patch Tuesday – March 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of 20 vulnerabilities. Twelve of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Mar

The following is a breakdown of the issues being addressed this month:

  1. MS13-021 Cumulative Security Update for Internet Explorer

    Internet Explorer OnResize Use After Free Vulnerability (CVE-2013-0087) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer saveHistory Use After Free Vulnerability (CVE-2013-0088) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CMarkupBehaviorContext Use After Free Vulnerability (CVE-2013-0089) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CCaret Use After Free Vulnerability (CVE-2013-0090) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CElement Use After Free Vulnerability (CVE-2013-0091) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer GetMarkupPtr Use After Free Vulnerability (CVE-2013-0092) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer onBeforeCopy Use After Free Vulnerability (CVE-2013-0093) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer removeChild Use After Free Vulnerability (CVE-2013-0094) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer CTreeNode Use After Free Vulnerability (CVE-2013-1288) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-022 Critical Vulnerability in Silverlight Could Allow Remote Code Execution

    Silverlight Double Deference Vulnerability (CVE-2013-0074) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Silverlight that can allow a specially crafted Silverlight application to access memory in an unsafe manner. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the current user. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  3. MS13-023 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution

    Visio Viewer Tree Object Type Confusion Vulnerability (CVE-2013-0079) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Visio Viewer handles memory when rendering specially crafted Visio files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

  4. MS13-024 Vulnerabilities in SharePoint Could Allow Elevation of Privilege

    Callback Function Vulnerability (CVE-2013-0080) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to elevate their access to the server after obtaining sensitive system data.

    SharePoint XSS Vulnerability (CVE-2013-0083) MS Rating: Critical

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could potentially issue SharePoint commands in the context of an administrative user on the site.

    SharePoint Directory Traversal Vulnerability (CVE-2013-0084) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could allow an attacker to elevate their access to the server after obtaining sensitive system data.

    Buffer Overflow Vulnerability (CVE-2013-0085) MS Rating: Moderate

    A denial of service vulnerability exists in Microsoft SharePoint Server. An attacker who successfully exploited this vulnerability could cause the W3WP process on an affected version of SharePoint Server to terminate, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted.

  5. MS13-025 Vulnerability in Microsoft OneNote Could Allow Information Disclosure

    Buffer Size Validation Vulnerability (CVE-2013-0086) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft OneNote allocates memory from parsing a specially crafted OneNote (.ONE) file.

  6. MS13-026 Vulnerability in Office Outlook for Mac Could Allow Information Disclosure

    Unintended Content Loading Vulnerability (CVE- 2013-0095) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Outlook for Mac 2008 and Microsoft Outlook for Mac 2011 load specific content tags in an HTML5 email message.

  7. MS13-027 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege

    Windows USB Descriptor Vulnerability (CVE-2013-1285) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

    Windows USB Descriptor Vulnerability (CVE-2013-1287) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

    Windows USB Descriptor Vulnerability (CVE-2013-1286) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows USB drivers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.