April 2013 Patch Tuesday

April 9, 2013

Patch Tuesday is here again, and April's collection of patches fixes vulnerabilities across various pieces of Microsoft operating systems and software. This includes Internet Explorer, the Remote Desktop Client, SharePoint, the Windows kernel (and some kernel-mode drivers), Active Directory, the Windows Client/Server Run-time Subsystem (CSRSS), Microsoft Antimalware Client, and an HTML sanitization component in various products like Office and Microsoft server software. In total, there are nine bulletins (2 critical and 7 important), which fix 14 vulnerabilities.

While Internet Explorer did get patched this month (MS13-028), it did not receive a fix for the recently disclosed zero-day. Instead, the patch addresses two use-after-free vulnerabilities that both affect every supported version of Internet Explorer (versions 6 through 10). Attackers will be looking into how to exploit these two vulnerabilities, since they can target multiple versions of Internet Explorer with only a couple of vulnerabilities, so it is important to deploy this patch as soon as possible.

In addition to the Internet Explorer patch, there is a fix for a vulnerability within the Microsoft Remote Desktop client (MS13-029). This patch fixes a use-after-free vulnerability that exists within the Remote Desktop client ActiveX control, mstscax.dll. Attackers can exploit this vulnerability by luring victims to attacker-controlled websites hosting malicious ActiveX controls. When viewed, the vulnerability would be exploited, granting attackers the ability to execute arbitrary code in the context of the user. Therefore, it is very important to get this patch rolled out as soon as possible.

Three patches this month focus on server software. MS13-030 fixes an information disclosure vulnerability affecting only the latest version of SharePoint Server, 2013. Attackers who exploit this vulnerability will be able to access SharePoint list items that would normally not be accessible to them. This vulnerability has been publicly disclosed, but it has not been seen exploited in the wild at the time of patch release.

MS13-032 addresses a denial of service vulnerability in Active Directory, which affects every supported version of Windows, with the exception of Itanium-based Server 2008/2008 R2 installations and Windows RT. Attackers could send a malicious LDAP query that would exploit this vulnerability, exhausting the system's memory and causing a denial of service.

MS13-035 fixes an issue within the HTML Sanitization component found in various software packages like Microsoft InfoPath, SharePoint Server, Groove Server, SharePoint Foundation, and Office Web Apps. An attacker who successfully exploited this vulnerability would be able to execute scripts in a context that is not normally permitted, allowing the attacker to read restricted data or perform unauthorized actions on behalf of logged-on users who opened links sent by the attacker. While this vulnerability was not publicly disclosed, it has reportedly been used in the wild in targeted attacks.

Four patches in this month's collection address elevation of privilege vulnerabilities in various pieces of software. MS13-034 addresses an issue within Microsoft Antimalware Client, which grants an elevation of privilege to LocalSystem for locally authenticated attackers exploiting the vulnerability. It's noteworthy that MS13-034 addresses an issue that only exists within Windows Defender for Windows 8 and Windows RT, while Windows Defender for all other versions of Windows is unaffected.

MS13-031 fixes two race condition vulnerabilities, affecting every supported version of Windows, which could be exploited by locally authenticated attackers to read arbitrary amounts of memory in the kernel.

MS13-033 provides a fix for a memory corruption vulnerability in the Windows Client/Server Run-time Subsystem (CSRSS), affecting Windows XP, Server 2003, Vista, and Server 2008. For most systems, exploitation of this vulnerability would lead to a denial of service condition until the system is restarted, but for XP 64-bit and Server 2003, attackers could leverage the vulnerability to elevate their privileges to LocalSystem. This bug is less likely to see interest from attackers in the near future.

Lastly, MS13-036 fixes four vulnerabilities in a kernel-mode driver; one vulnerability, CVE-2013-1293, has been publicly disclosed. One vulnerability within this bulletin, CVE-2013-1283, affects every supported version of Windows.

Any of the privilege elevation vulnerabilities fixed in these bulletins becomes particularly potent when combined with a browser-based exploit, such as one targeting MS13-028 or MS13-029. With such an exploit combination, attackers can go from no code execution on a system to complete system compromise with just two exploits, so it is important to get these patches rolled out.

So be sure to get MS13-028 and MS13-029 patched as soon as possible, followed by the rest of the patches right after that. Also, be sure to join us for the Vulnerability Expert Forum tomorrow, Wednesday, April 10 at 1pm PT, where we cover these patches, as well as other security news. Sign up here.

Update 4-11-13: Microsoft has released a support article stating that after installing MS13-036 on Windows 7 systems, some users are unable to recover from restarts and some applications will not load. It is recommended that users uninstall KB2823324 from MS13-036 until further notice.

Update 4-23-13: Microsoft has released KB2840149 to replace KB2823324. MS13-036 has the updated patch.
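
For administrators acting on the two updates above, the following PowerShell audit is an added example, not part of the original post and not Microsoft's own tooling. It reports, per host, whether the withdrawn KB2823324 is still installed and whether the replacement KB2840149 is present; the function name `Get-Ms13036Status` and the host names in the usage comment are hypothetical.

```powershell
# Added example: audit hosts for the withdrawn MS13-036 update (KB2823324)
# and its replacement (KB2840149). The KB numbers come from the post's
# updates; the function name and host names are hypothetical.

function Get-Ms13036Status {
    param(
        # Defaults to the local machine when no host list is supplied.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        try {
            # Query the installed hotfix list once, then test both KBs locally.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID)

            $hasWithdrawn   = $installed -contains 'KB2823324'
            $hasReplacement = $installed -contains 'KB2840149'

            if ($hasWithdrawn)       { $state = 'WithdrawnUpdatePresent' }
            elseif ($hasReplacement) { $state = 'ReplacementInstalled' }
            else                     { $state = 'NeitherInstalled' }

            [pscustomobject]@{
                ComputerName = $computer
                KB2823324    = $hasWithdrawn
                KB2840149    = $hasReplacement
                State        = $state
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, not skipped,
            # so they are not mistaken for clean systems.
            [pscustomobject]@{
                ComputerName = $computer
                KB2823324    = $null
                KB2840149    = $null
                State        = "QueryFailed: $($_.Exception.Message)"
            }
        }
    }
}

# Usage (constructed host names):
#   Get-Ms13036Status -ComputerName 'WS-EXAMPLE-01','WS-EXAMPLE-02' | Format-Table -AutoSize
# Removing the withdrawn update on an affected host:
#   wusa.exe /uninstall /kb:2823324 /norestart
```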

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
