BeyondTrust Patch Tuesday
January 08, 2013
Microsoft Patch Tuesday
This month, Microsoft released seven patches that repair a total of 12 vulnerabilities. Of these vulnerabilities, there were three remote code execution vulnerabilities, four elevation of privilege vulnerabilities, two elevation of privilege via cross-site-scripting vulnerabilities, one denial of service vulnerability, one information disclosure vulnerability, and one security bypass vulnerability.
Administrators are advised to patch MS13-001 and MS13-002 immediately to prevent exploitation by attackers. Administrators should also patch MS13-003, MS13-004, MS13-005, MS13-006, and MS13-007 as soon as possible.
- Web Event: Vulnerability Expert Forum - January 2013
- Presenters: BeyondTrust Research Team
- Date/Time: January 9, 2013 at 1:00 PM - 2:00 PM PST
BULLETIN / ADVISORY DETAILS
MS13-001
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
Microsoft Rating:
CVE:
CVE-2013-0011
Analysis:
This bulletin addresses a privately reported remote code execution vulnerability in Windows Print Spooler Components. The patch fixes a vulnerability that occurs when the Windows Print Spooler fails to properly handle a malicious print job. A remote unauthenticated attacker that successfully exploited this vulnerability would gain system level access to the target machine.
Recommendation:
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, prevent the Print Spooler service from running.
MS13-002
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
Microsoft Rating:
CVE List:
CVE-2013-0006 and CVE-2013-0007
Analysis:
This bulletin addresses two privately reported remote code execution vulnerabilities in Microsoft XML Core Services. The patch fixes an integer truncation vulnerability and an XSLT parsing vulnerability that occur when parsing specially crafted XML data. An attacker that successfully exploited either vulnerability would gain user level access to the target machine.
Recommendation:
Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block access to msxml3.dll and msxml6.dll, block ActiveX controls and block/disable Active Scripting in both Internet and Local intranet zones, and block the MSXML 5.0 ActiveX control from running in Internet Explorer.
MS13-003
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
Microsoft Rating:
CVE List:
CVE-2013-0009 and CVE-2013-0010
Analysis:
This bulletin addresses two privately reported elevation of privilege vulnerabilities in System Center Operations Manager. The patch fixes two cross-site scripting vulnerabilities that occur when input is improperly validated. An attacker that successfully exploited either vulnerability would gain the ability to execute script code in the client's browser.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, enable the XSS filter in Internet Explorer (available in versions 8 and higher).
MS13-004
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
Microsoft Rating:
CVE List:
CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, and CVE-2013-0004
Analysis:
This bulletin addresses four privately reported vulnerabilities in the .NET Framework: three elevation of privilege vulnerabilities and one information disclosure vulnerability. The patch fixes various issues in which program state is corrupted when manipulating arrays in memory. An attacker that successfully exploited this vulnerability would gain user level access to the target machine.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, block XAML browser applications from running in Internet Explorer. Note that no workaround currently exists for the information disclosure vulnerability, CVE-2013-0001.
MS13-005
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
Microsoft Rating:
CVE:
CVE-2013-0008
Analysis:
This bulletin addresses a privately reported elevation of privilege vulnerability in the Windows kernel. The patch fixes how the kernel handles window broadcast messages. A local attacker that successfully exploited this vulnerability would gain the ability to execute code in a higher Integrity Level process on the target machine.
Recommendation:
Deploy patches as soon as possible; no mitigation is available.
MS13-006
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
Microsoft Rating:
CVE:
CVE-2013-0013
Analysis:
This bulletin addresses a privately reported security bypass in Windows. The patch fixes a vulnerability that could allow attackers to downgrade an SSLv3 session to an SSLv2 session, which supports ciphers that can be cracked. A man-in-the-middle attacker that successfully exploited this vulnerability would then be able to crack the SSLv2 cipher that was used, allowing them to intercept and manipulate data within that downgraded SSLv2 session.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, prevent both Internet Explorer and Internet Information Services from using SSLv2.
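One way to check the SSLv2 workaround on a host, as an added PowerShell example that is not part of the original BeyondTrust advisory. It assumes the standard Schannel protocol keys and the per-user Internet Explorer SecureProtocols value; the function names are hypothetical.

```powershell
# Added example: audit the MS13-006 interim workaround (SSLv2 off for IIS and IE).
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0'
$ieKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Ssl2Bit  = 0x8   # SSL 2.0 flag in the IE SecureProtocols bitmask

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-Ssl2SchannelDisabled([string]$Role) {
    # $Role is 'Server' (IIS side) or 'Client'. Only an explicit Enabled = 0
    # counts; a missing value falls back to the OS default, so report $false.
    $enabled = Get-RegValue "$schannel\$Role" 'Enabled'
    return ($null -ne $enabled -and $enabled -eq 0)
}

function Test-Ssl2IeDisabled {
    # Per-user setting; a missing value cannot be confirmed, so report $false.
    $mask = Get-RegValue $ieKey 'SecureProtocols'
    if ($null -eq $mask) { return $false }
    return (($mask -band $Ssl2Bit) -eq 0)
}

function Disable-Ssl2Schannel([string]$Role) {
    # Requires an elevated session; writes Enabled = 0 for the given role.
    $path = "$schannel\$Role"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
}

# Report the current state; call Disable-Ssl2Schannel 'Server' to remediate IIS.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    SchannelServerOff  = Test-Ssl2SchannelDisabled 'Server'
    SchannelClientOff  = Test-Ssl2SchannelDisabled 'Client'
    IeSecureProtocols  = Test-Ssl2IeDisabled
}
```

Schannel registry changes take effect after a restart, so re-run the report after rebooting to confirm the host state.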
MS13-007
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
Microsoft Rating:
CVE:
CVE-2013-0005
Analysis:
This bulletin addresses a privately reported denial of service vulnerability in the Open Data Protocol. The patch fixes the way that the WCF Replace function sanitizes certain values. An attacker that successfully exploited this vulnerability would be able to cause a denial of service by resource exhaustion.
Recommendation:
Deploy patches as soon as possible. Until the patch can be installed, prevent OData Web Application ports from being exposed beyond the perimeter firewall and require that clients connecting to IIS first be authenticated.
Feedback
The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.
Disclaimer
The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
Notice
Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.