BeyondTrust Patch Tuesday

March 12, 2013

Microsoft Patch Tuesday

This month, Microsoft released seven patches that repair a total of 20 vulnerabilities. Of these vulnerabilities, there were 11 remote code execution vulnerabilities, six elevation of privilege vulnerabilities, three information disclosure vulnerabilities, and one denial of service vulnerability.

Administrators are advised to patch MS13-021, MS13-022, MS13-023, and MS13-024 immediately to prevent exploitation by attackers. Next, administrators should patch MS13-025, MS13-026, and MS13-027 as soon as possible.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: The BeyondTrust Research Team
  • Date/Time: Wednesday, Mar. 13, 2013, 1pm PT / 4pm ET

BULLETIN / ADVISORY DETAILS

MS13-021

Cumulative Security Update for Internet Explorer (2809289)

Microsoft Rating: Critical

CVE List: CVE-2013-0087, CVE-2013-0088, CVE-2013-0089, CVE-2013-0090, CVE-2013-0091, CVE-2013-0092, CVE-2013-0093, CVE-2013-0094, and CVE-2013-1288

Analysis:

This bulletin addresses nine remote code execution vulnerabilities in Internet Explorer, of which eight were privately disclosed and one was publicly disclosed. The patch fixes use-after-free vulnerabilities that occur when handling in-memory objects. An attacker who successfully exploited these vulnerabilities would gain user-level access to the target machine.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both the Internet and Local intranet zones.


MS13-022

Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)

Microsoft Rating: Critical

CVE: CVE-2013-0074

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Silverlight. The patch fixes a double dereference vulnerability that occurs when Silverlight incorrectly evaluates a pointer in memory while rendering an HTML object. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block the Silverlight ActiveX control from executing within Internet Explorer, Firefox, and Chrome.


MS13-023

Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)

Microsoft Rating: Critical

CVE: CVE-2013-0079

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Visio Viewer 2010. The patch fixes an object type confusion vulnerability that occurs when parsing tree objects within Visio files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be installed, block ActiveX controls and block/disable Active Scripting in both the Internet and Local intranet zones.
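The interim workaround recommended above for both MS13-021 and MS13-023 (disable ActiveX controls and Active Scripting in the Internet and Local intranet zones) can be audited and applied from PowerShell. The script below is an added example and is not part of the BeyondTrust advisory; it assumes per-user zone settings stored under HKCU (the same value layout exists under HKLM when the "Security Zones: Use only machine settings" policy is enforced) and the documented zone value meanings 0 = enable, 1 = prompt, 3 = disable.

```powershell
# Added example (not from the advisory): audit and optionally apply the MS13-021 /
# MS13-023 workaround. Zone 1 = Local intranet, zone 3 = Internet.
# Value 1200 = "Run ActiveX controls and plug-ins", value 1400 = "Active scripting".
# Assumes per-user settings under HKCU; data values: 0 = enable, 1 = prompt, 3 = disable.

$ZoneRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones      = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Settings   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$StateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-IEZoneMitigationStatus {
    # Reports the current state of both settings in both zones; Mitigated is $true
    # only when the value is explicitly set to 3 (disabled).
    foreach ($zoneId in $Zones.Keys) {
        $key = Join-Path $ZoneRoot $zoneId
        foreach ($valueName in $Settings.Keys) {
            $raw = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
            if ($null -eq $raw)                           { $state = 'Not set (zone default)' }
            elseif ($StateNames.ContainsKey([int]$raw))  { $state = $StateNames[[int]$raw] }
            else                                          { $state = "Unknown ($raw)" }
            [pscustomobject]@{
                Zone      = $Zones[$zoneId]
                Setting   = $Settings[$valueName]
                Value     = $raw
                State     = $state
                Mitigated = ($raw -eq 3)
            }
        }
    }
}

function Set-IEZoneMitigation {
    # Writes the "Disabled" (3) state for both settings in both zones.
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($zoneId in $Zones.Keys) {
        $key = Join-Path $ZoneRoot $zoneId
        foreach ($valueName in $Settings.Keys) {
            if ($PSCmdlet.ShouldProcess("$($Zones[$zoneId]) zone", "Disable $($Settings[$valueName])")) {
                Set-ItemProperty -Path $key -Name $valueName -Value 3 -Type DWord
            }
        }
    }
}

# Audit first; run Set-IEZoneMitigation -WhatIf, then Set-IEZoneMitigation, to apply.
Get-IEZoneMitigationStatus | Format-Table -AutoSize
```

Re-run Get-IEZoneMitigationStatus after the patch is deployed and restore the original values, since leaving scripting disabled in the Local intranet zone will break many internal web applications.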

 

MS13-024

Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)

Microsoft Rating: Critical

CVE List: CVE-2013-0080, CVE-2013-0083, CVE-2013-0084, and CVE-2013-0085

Analysis:

This bulletin addresses three elevation of privilege vulnerabilities and one denial of service vulnerability in SharePoint Server 2010 SP1 and SharePoint Server Foundation 2010 SP1, all of which were reported privately. The patch fixes multiple vulnerabilities that occur in a variety of situations, including viewing a specially crafted webpage and using a specially crafted URL. An attacker who successfully exploited these vulnerabilities would be able to impersonate SharePoint users and perform actions on the SharePoint server on their behalf, or cause a denial of service that renders a SharePoint site inoperable.

Recommendation:

Install the patch immediately to prevent exploitation by attackers; no mitigation is available.


MS13-025

Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)

Microsoft Rating: Important

CVE: CVE-2013-0086

Analysis:

This bulletin addresses a privately reported information disclosure vulnerability in OneNote 2010 SP1. The patch fixes a memory corruption vulnerability that occurs when a user opens a specially crafted OneNote file. An attacker who successfully exploited this vulnerability would gain access to sensitive data stored in memory, possibly allowing the attacker to discover credentials for accounts present on the target machine.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.


MS13-026

Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)

Microsoft Rating: Important

CVE: CVE-2013-0095

Analysis:

This bulletin addresses a privately reported information disclosure vulnerability in Outlook 2008 for Mac and Outlook 2011 for Mac. The patch fixes an unintended content loading vulnerability that occurs when loading specific HTML5 content tags in an email. An attacker who successfully exploited this vulnerability would learn that the email address to which they sent a specially crafted message is a valid address, and that the target user read the email.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.


MS13-027

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2807986)

Microsoft Rating: Important

CVE List: CVE-2013-1285, CVE-2013-1286, and CVE-2013-1287

Analysis:

This bulletin addresses three privately reported elevation of privilege vulnerabilities in Windows XP SP3 through Windows Server 2012 (except Windows RT). The patch fixes memory corruption vulnerabilities that occur when an attacker inserts a maliciously crafted USB device. A physically local attacker who successfully exploited these vulnerabilities would gain kernel-level access to the target machine.

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, prevent users from connecting USB devices, both those that have already been installed on the system and those that have not.


Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.