Microsoft Patch Tuesday – April 2013

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr

The following is a breakdown of the issues being addressed this month:

  1. MS13-028 Cumulative Security Update for Internet Explorer (2817183)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1303) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1304) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

    RDP ActiveX Control Remote Code Execution Vulnerability (CVE-2013-1296) MS Rating: Critical

    A remote code execution vulnerability exists when the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

  3. MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

    Win32k Font Parsing Vulnerability (CVE-2013-1291) MS Rating: Moderate

    A denial of service vulnerability exists when Windows fails to handle a specially crafted font file. The vulnerability could cause the computer to stop responding and restart.

    Win32k Race Condition Vulnerability (CVE-2013-1283) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerability (CVE-2013-1292) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    NTFS NULL Pointer Dereference Vulnerability (CVE-2013-1293) MS Rating: Moderate

    An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

  4. MS13-031 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)

    Kernel Race Condition Vulnerability (CVE-2013-1294) MS Rating: Critical

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Kernel Race Condition Vulnerability (CVE-2013-1284) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

  5. MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

    Memory Consumption Vulnerability (CVE-2013-1282) MS Rating: Important

    A denial of service vulnerability exists in implementations of Active Directory that could cause the service to stop responding. The vulnerability is caused when the LDAP service fails to handle a specially crafted query.

  6. MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

    CSRSS Memory Corruption Vulnerability (CVE-2013-1295) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  7. MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

    Microsoft Antimalware Improper Pathname Vulnerability (CVE-2013-0078) MS Rating: Important

    This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

  8. MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

    HTML Sanitization Vulnerability (CVE-2013-1289) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

  9. MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

    Incorrect Access Rights Information Disclosure Vulnerability (CVE-2013-1290) MS Rating: Important

    An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.