Microsoft Security Bulletin Summary for February 2013

Number: AV13-008
Date: 12 February 2013

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for February. The summary covers 12 bulletins (5 Critical and 7 Important), which address multiple vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS13-009 - Cumulative Security Update for Internet Explorer (2792100)
Details: The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Internet Explorer 6, 7, 8, 9 and 10
CVE References: CVE-2013-0015, CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024,  CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029
http://technet.microsoft.com/en-ca/security/bulletin/ms13-009

MS13-010 - Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution (2797052)
Details: The vulnerability could allow remote code execution if a user viewed a specially crafted webpage using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Internet Explorer 6, 7, 8, 9 and 10
CVE References: CVE-2013-0030
http://technet.microsoft.com/en-ca/security/bulletin/ms13-010

MS13-011 - Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
Details: The vulnerability could allow remote code execution if a user opens a specially crafted media file (such as an .mpg file), opens a Microsoft Office document (such as a .ppt file) that contains a specially crafted embedded media file, or receives specially crafted streaming content. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
The security update addresses the vulnerability by correcting the way that DirectShow handles specially crafted media content.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Quartz.dll (DirectShow) for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008
CVE References: CVE-2013-0077
http://technet.microsoft.com/en-ca/security/bulletin/ms13-011

MS13-012 - Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
Details: The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account.
The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Critical
Maximum Exploitability Index:  2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Microsoft Exchange Server 2007 Service Pack 3 and Microsoft Exchange Server 2010 Service Pack 2
CVE References: CVE-2013-0393, CVE-2013-0418
http://technet.microsoft.com/en-ca/security/bulletin/ms13-012

MS13-013 - Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
Details: The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token. FAST Search Server for SharePoint is only affected by this issue when Advanced Filter Pack is enabled.
The security update addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Microsoft FAST Search Server 2010 for SharePoint Service Pack 1
CVE References: CVE-2012-3214, CVE-2012-3217
http://technet.microsoft.com/en-ca/security/bulletin/ms13-013

MS13-014 - Vulnerability in NFS Server Could Allow Denial of Service (2790978)
Details: The vulnerability could allow denial of service if an attacker attempts a file operation on a read-only share. An attacker who exploited this vulnerability could cause the affected system to stop responding and restart.
The security update addresses the vulnerability by correcting how the NFS server handles a file operation.
Maximum Security Impact:   Denial of Service
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows Server 2012
CVE References: CVE-2013-1281
http://technet.microsoft.com/en-ca/security/bulletin/ms13-014

MS13-015 - Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
Details: The vulnerability could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
The security update addresses the vulnerability by correcting how the .NET Framework elevates permissions when running a user-provided callback.
Maximum Security Impact:   Elevation of Privilege
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4
CVE References: CVE-2013-0073
http://technet.microsoft.com/en-ca/security/bulletin/ms13-015

MS13-016 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
Details: The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
The security update addresses the vulnerabilities by correcting the way that the kernel-mode driver handles objects in memory.
Maximum Security Impact:   Elevation of Privilege
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
CVE References: CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277
http://technet.microsoft.com/en-ca/security/bulletin/ms13-016

MS13-017 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
Details: The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
The security update addresses the vulnerabilities by correcting the way that the Windows kernel handles objects in memory.
Maximum Security Impact:   Elevation of Privilege
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References: CVE-2013-1278, CVE-2013-1279, CVE-2013-1280
http://technet.microsoft.com/en-ca/security/bulletin/ms13-017

MS13-018 - Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
Details: The vulnerability could allow denial of service if an unauthenticated attacker sends a specially crafted connection termination packet to the server.
The security update addresses the vulnerability by correcting how the Windows TCP/IP stack handles connection termination sequences.
Maximum Security Impact:   Denial of Service
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References: CVE-2013-0075
http://technet.microsoft.com/en-ca/security/bulletin/ms13-018

MS13-019 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
Details: The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
The security update addresses the vulnerability by correcting the way that the Windows CSRSS handles objects in memory.
Maximum Security Impact:   Elevation of Privilege
Aggregate Severity Rating:    Important
Maximum Exploitability Index:  2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index: Permanent
Affected Products:    Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
CVE References: CVE-2013-0076
http://technet.microsoft.com/en-ca/security/bulletin/ms13-019

MS13-020 - Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
Details: The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
The security update addresses the vulnerability by correcting the manner in which OLE Automation parses files.
Maximum Security Impact:   Remote Code Execution
Aggregate Severity Rating:    Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index: Not applicable
Affected Products:    Windows XP Service Pack 3
CVE References: CVE-2013-1313
http://technet.microsoft.com/en-ca/security/bulletin/ms13-020

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/msrc/archive/2013/02/12/baseball-bulletins-and-the-february-2013-release.aspx

References:
http://technet.microsoft.com/en-ca/security/bulletin/ms13-feb

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note that the CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca
