January 2013 Patch Tuesday: Patches, but none for the IE 0day!

January 8, 2013

Happy New Year! Starting off 2013, we’ve got a critical vulnerability within the Windows Print Spooler, and we’re still seeing bugs surface in widely used software like MSXML, the .NET Framework, and SSL/TLS. January’s Patch Tuesday greets us with seven patches, addressing 12 vulnerabilities across a spectrum of Microsoft software. Two of these bulletins are rated critical, while the rest are rated important.

The first of the critical bulletins, MS13-001, addresses a critical remote code execution vulnerability in the Windows Print Spooler, which manages printing tasks that are sent to the system. According to preliminary details, it appears an attacker would need to queue a specially crafted print job to a shared printer. Once that print job was queued, the attacker would potentially be able to compromise systems that enumerate the shared printer queue. The catch, according to Microsoft, is that by default Windows itself does not enumerate shared printer queues in a vulnerable way, but third-party printer management software does in some cases. In Microsoft’s bulletin, they say the only mitigating factor is firewalling or disabling the printer service. However, given the extra requirements, it seems harder to exploit than the bulletin would let on. This would normally be considered a wormable vulnerability; however, the default Windows drivers do not provide access to the vulnerable functionality, so it would require third-party software, such as manufacturers’ drivers, to open the attack vector for this vulnerability. Even though it is not wormable, it is still a critical vulnerability, so if you’re managing Windows 7 or Server 2008 R2 systems (including Server Core), make sure to get this patch rolled out as soon as possible.

Next, MS13-002 patches some holes in MSXML 3.0, 4.0, 5.0, and 6.0. MSXML is a core processing utility that can be used to process XML data and is included with all versions of Windows, in addition to being bundled with other software, such as Microsoft Office 2003 & 2007, SharePoint Server 2007, Groove Server 2007, and Expression Web. The two vulnerabilities patched in this bulletin can be used by attackers to execute code when certain XML data is processed by an application utilizing MSXML services. Because this affects so many different pieces of software, including all supported versions of Windows, this is another patch that is incredibly important to get deployed as soon as possible.

A good Patch Tuesday isn’t complete without a little .NET action, so Microsoft has provided just that with MS13-004. This bulletin patches vulnerabilities affecting every supported version of .NET, with the exception of .NET 3.5 SP1. Three of the four vulnerabilities addressed in this bulletin allow attackers to elevate their privileges so that they can execute code on the vulnerable system just as if the attacker were a legitimate user on that machine.

Other bulletins of note include MS13-005, which addresses an issue with how the Windows kernel handles window broadcast messages. While this does not grant direct code execution, it may be useful as the first step of a multi-stage attack that attackers would use to increase their privileges to kernel level. The other bulletin of note, MS13-006, addresses a security feature bypass affecting SSL/TLS in Windows. This could be used by attackers to perform man-in-the-middle attacks and lower the SSL version to a level that supports ciphers that could be cracked.

Lastly for this month’s patches, MS13-003 addresses a couple of cross-site scripting vulnerabilities within System Center Operations Manager, and MS13-007 addresses a vulnerability in the Windows implementation of the Open Data Protocol, which could be used to cause a denial of service condition in IIS through resource exhaustion.

This month marks the inclusion of six new vulnerabilities in Windows RT, addressed in MS13-002, MS13-004, MS13-005, and MS13-006. This is the third month since Windows RT started receiving updates, and it has received security updates in each month during that time. This month’s Patch Tuesday comes just two days after a security researcher revealed how to run unsigned code on Windows RT.

If you’ve been following the security news recently, you’ll no doubt have heard of the recently disclosed Internet Explorer zero day, CVE-2012-4792, that made its rounds this last month. Well, you’ll also note that this month does not include a fix for that vulnerability. While a Fix it does exist, no full patch has been released by Microsoft. Additionally, some researchers have claimed to bypass the Fix it. Because no patch currently exists, attackers will be having a field day, since publicly available exploits exist to target this vulnerability. It only affects Internet Explorer versions 6 through 8, so if you are able to do so, upgrade to Internet Explorer 9 or 10 or use an alternate browser such as Chrome.

So be sure to get those first two patches, MS13-001 and MS13-002, rolled out as soon as you can, as they are the most critical among this month’s collection. We hope you have a great start to your new year.

VEF ATTENDEES: If you joined our January VEF and have an answer to our giveaway question, then you’re in the right spot! Post your answer in the comments below! Most compelling answer wins a Kindle Fire!

Scott Lang, Sr. Director, Product Marketing at BeyondTrust

Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.
