Thursday, 10 January 2013

Microsoft Patch Tuesday - January 2013

Executive Summary
With this January 2013 Microsoft Patch Tuesday update, we see a set of 7 updates; 2 of which are marked as "Critical", and 5 rated as "Important". 


The Patch Tuesday Security Update analysis was performed by the Quest ChangeBASE Patch Impact team and identified a small percentage of applications from the thousands of applications included in testing for this release which showed an Amber issue.

Of the seven patches, all 7 will  require a restart", so it is probably best to assume all require a restart to be installed correctly

Sample Results

Here is a sample of the results for one package against this January Patch Tuesday update:





Quest ChangeBASE Microsoft Security Update Report Summary



Security Bulletin Overview
And, here are the Microsoft Patch Tuesday individual Patch Tuesday bulletins with their respective Security Ratings, Payload and potential Impact.

MS13-001
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
Description
This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
Payload
Win32spl.dll
Impact
Critical - Remote Code Execution


MS13-002
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
Description
This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.
Payload
Msxml6.dll
Impact
Critical - Remote Code Execution

MS13-003
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) 
Description
This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
Payload
No specific file information
Impact
Important - Elevation of Privilege

MS13-004
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
Description
This security update resolves four privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Payload
No Specific File Information
Impact
Important - Elevation of Privilege

MS13-005
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
Description
This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.
Payload
Win32k.sys
Impact
Important - Elevation of Privilege

MS13-006
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass(2785220)
Description
This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.
Payload
Ncrypt.dll
Impact
Important - Security Feature Bypass

MS13-007
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
Description
This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Payload
DataSvcUtil.exe, System.Data.Services.Client.dll, System.Data.Services.Design.dll, System.Data.Services.dll
Impact
Important - Denial of Service

*All results are based on an AOK Application Compatibility Lab’s test portfolio of over 1,000 applications.

No comments: