Microsoft Security Bulletin Summary for April 2013

Number: AV13-016
Date: 09 April 2013

Purpose

The purpose of this advisory is to bring attention to the monthly Microsoft Security Bulletin Summary for April. The summary covers 9 bulletins (2 Critical and 7 Important), which address multiple vulnerabilities in some Microsoft products.

Assessment

Microsoft has released the following security bulletins:

MS13-028 - Cumulative Security Update for Internet Explorer (2817183)
Details:   These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating:  Critical
Maximum Exploitability Index:  2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Internet Explorer 6, 7, 8, 9 and 10
CVE References:  CVE-2013-1303, CVE-2013-1304
https://technet.microsoft.com/en-ca/security/bulletin/ms13-028

MS13-029 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
Details:   The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
The security update addresses the vulnerability by modifying the way that Remote Desktop Client handles objects in memory.
Maximum Security Impact: Remote Code Execution
Aggregate Severity Rating:  Critical
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client
CVE References:  CVE-2013-1296
https://technet.microsoft.com/en-ca/security/bulletin/ms13-029

MS13-030 - Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
Details:   The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.
The security update addresses the vulnerability by correcting the default access controls applied to the SharePoint list.
Maximum Security Impact: Information Disclosure
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Microsoft SharePoint Server 2013 (coreserverloc)
CVE References:  CVE-2013-1290
https://technet.microsoft.com/en-ca/security/bulletin/ms13-030

MS13-031 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
Details:   The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
The security update addresses the vulnerability by correcting the way that the Windows kernel handles objects in memory.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  2 - Exploit code would be difficult to build
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References:  CVE-2013-1284, CVE-2013-1294
https://technet.microsoft.com/en-ca/security/bulletin/ms13-031

MS13-032 - Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
Details:   The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.
The security update addresses the vulnerability by correcting how the LDAP service handles specially crafted LDAP queries.
Maximum Security Impact: Denial of Service
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Temporary
Affected Products:  Active Directory Application Mode (ADAM), Active Directory, Active Directory Lightweight Directory Service (AD LDS), Active Directory Services
CVE References:  CVE-2013-1282
https://technet.microsoft.com/en-ca/security/bulletin/ms13-032

MS13-033 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
Details:   The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
The security update addresses the vulnerability by correcting the way that the Windows Client/Server Run-time Subsystem (CSRSS) handles objects in memory.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2
CVE References:  CVE-2013-1295
https://technet.microsoft.com/en-ca/security/bulletin/ms13-033

MS13-034 - Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
Details:   The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.
The security update addresses the vulnerability by correcting pathnames used by the Microsoft Antimalware Client.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Windows Defender for Windows 8 and Windows RT
CVE References:  CVE-2013-0078
https://technet.microsoft.com/en-ca/security/bulletin/ms13-034

MS13-035 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
Details:   The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
The security update addresses the vulnerability by modifying the way that HTML strings are sanitized.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  3 - Exploit code unlikely
Maximum Denial of Service Exploitability Index:  Not applicable
Affected Products:  Microsoft InfoPath 2010 Service Pack 1 (32-bit editions), Microsoft InfoPath 2010 Service Pack 1 (64-bit editions), Microsoft SharePoint Server 2010 Service Pack 1 (wosrv), Microsoft SharePoint Server 2010 Service Pack 1 (coreserver), Microsoft Groove Server 2010 Service Pack 1, Microsoft SharePoint Foundation 2010 Service Pack 1, Microsoft Office Web Apps 2010 Service Pack 1
CVE References:  CVE-2013-1289
https://technet.microsoft.com/en-ca/security/bulletin/ms13-035

MS13-036 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
Details:   The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the most severe vulnerabilities.
The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode driver handles objects in memory.
Maximum Security Impact: Elevation of Privilege
Aggregate Severity Rating:  Important
Maximum Exploitability Index:  1 - Exploit code likely
Maximum Denial of Service Exploitability Index:  Permanent
Affected Products:  Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2008 R2 for Itanium-based Systems Service Pack 1, Windows 8 for 32-bit Systems, Windows 8 for 64-bit Systems, Windows Server 2012, Windows RT, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 R2 for x64-based Systems (Server Core installation), Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2012 (Server Core installation)
CVE References:  CVE-2013-1283, CVE-2013-1291, CVE-2013-1292, CVE-2013-1293
https://technet.microsoft.com/en-ca/security/bulletin/ms13-036

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

Microsoft has published a risk matrix table to assist organizations in evaluating and prioritizing deployment of these security updates. This table is available at the following URL:
http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx

References:
https://technet.microsoft.com/en-ca/security/bulletin/ms13-apr

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: