Microsoft Security Bulletin Summary for January 2013

Number: AV13-003
Date: 9 January 2013

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for January. The summary covers 7 bulletins (2 Critical and 5 Important), which address multiple vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS13-001 - Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)

Details: The vulnerability could allow remote code execution if a print server received a specially crafted print job.

The security update addresses the vulnerability by correcting how the Windows Print Spooler handles specially crafted print jobs.

Maximum Security Impact: Remote Code Execution Aggregate Severity Rating: Critical Maximum Exploitability Index:   1 - Exploit code likely Maximum Denial of Service Exploitability Index: Temporary Affected Products: Windows 7, Windows Server 2008 R2, Server Core installation option CVE
References:  CVE-2013-0011

http://technet.microsoft.com/en-us/security/bulletin/ms13-001

MS13-02 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

Details: The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The security update addresses the vulnerabilities by modifying the way that Microsoft XML Core Services parses XML content.

Maximum Security Impact: Remote Code Execution Aggregate Severity Rating: Critical Maximum Exploitability Index:   1 - Exploit code likely Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 32-bit Systems, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit and x64 Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation) CVE
References:  CVE-2013-0006, CVE-2013-0007

http://technet.microsoft.com/en-us/security/bulletin/ms13-002

MS13-03 - Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

Details: The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL.

The security update addresses the vulnerabilities by modifying the way that Microsoft System Center Operations Manager accepts input.

Maximum Security Impact: Elevation of Privilege Aggregate Severity Rating: Important Maximum Exploitability Index:   1 - Exploit code likely Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Microsoft System Center Operations Manager 2007 Service Pack 1, Microsoft System Center Operations Manager 2007 R2 CVE
References: CVE-2013-0009, CVE-2013-0010

http://technet.microsoft.com/en-us/security/bulletin/ms13-003

MS13-04 - Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)

Details: The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

The security update addresses the vulnerabilities by correcting how the .NET Framework initializes memory arrays, copies objects in memory, validates the size of an array prior to copying objects in memory, and validates the permissions of objects.

Maximum Security Impact: Elevation of Privilege Aggregate Severity Rating: Important Maximum Exploitability Index:   1 - Exploit code likely Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Server Core installation option CVE
References:  CVE-2013-0001, CVE-2013-0002, CVE-2013-0003, CVE-2013-0004

http://technet.microsoft.com/en-us/security/bulletin/ms13-004

MS13-05 - Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)

Details: The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.

The security update addresses the vulnerability by correcting the way that the Windows kernel-mode driver handles window broadcast messages.

Maximum Security Impact: Elevation of Privilege Aggregate Severity Rating: Important Maximum Exploitability Index:   1 - Exploit code likely Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Server Core Installation Option CVE
References:  CVE-2013-0008

http://technet.microsoft.com/en-us/security/bulletin/ms13-005

MS13-06 - Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)

Details: The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.

The security update addresses the vulnerability by modifying the way that the Windows SSL provider component handles encrypted network packets.

Maximum Security Impact: Security Feature Bypass Aggregate Severity Rating: Important Maximum Exploitability Index:   Not Applicable Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Server Core installation option CVE
References: CVE-2013-0013

http://technet.microsoft.com/en-us/security/bulletin/ms13-006

MS13-07 - Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)

Details: The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site.

The security update addresses the vulnerability by turning off the WCF Replace function by default.

Maximum Security Impact: Denial of Service Aggregate Severity Rating: Important Maximum Exploitability Index: Not Applicable Maximum Denial of Service Exploitability Index: Temporary Affected Products: Windows XP, Windows Server 2003 Service Pack 2, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Server Core installation option CVE
References: CVE-2013-0005

http://technet.microsoft.com/en-us/security/bulletin/ms13-007

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: