Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

MS Security Bulletin Summary - February 2013


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 12 February 2013 - 02:05 PM

FYI...

- http://technet.micro...lletin/ms13-feb
February 12, 2013 - "This bulletin summary lists security bulletins released for February 2013...
(Total of -12-)

Microsoft Security Bulletin MS13-009 - Critical
Cumulative Security Update for Internet Explorer (2792100)
- https://technet.micr...lletin/ms13-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-010 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
- https://technet.micr...lletin/ms13-010
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-011 - Critical
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- http://technet.micro...lletin/ms13-011
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-012 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
- http://technet.micro...lletin/ms13-012
Critical - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS13-020 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
- http://technet.micro...lletin/ms13-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-013 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
- http://technet.micro...lletin/ms13-013
Important - Remote Code Execution - May require restart Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-014 - Important
Vulnerability in NFS Server Could Allow Denial of Service (2790978)
- http://technet.micro...lletin/ms13-014
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-015 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
- http://technet.micro...lletin/ms13-015
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS13-016 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
- http://technet.micro...lletin/ms13-016
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-017 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
- http://technet.micro...lletin/ms13-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-018 - Important
Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
- https://technet.micr...lletin/ms13-018
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-019 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
- http://technet.micro...lletin/ms13-019
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.techne...-_2D00_-png.png

Severity and Exploitability Index
- https://blogs.techne...-_2D00_-png.png

- http://blogs.technet...Redirected=true
"... 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework..."
___

ISC Analysis
- https://isc.sans.edu...l?storyid=15142
Last Updated: 2013-02-13

- http://atlas.arbor.n...index#332003461
High Severity
Feb 13, 2013
Analysis: Many attackers are likely frustrated that their vulnerabilities have now been patched. However, those same attackers still have a significant window of opportunity because not everyone can, or will patch in a timely manner, as has been clearly demonstrated in the widespread use of commodity exploit kits as well as numerous targeted attacks that continue to reign in victims despite vulnerabilities being patched years ago in some cases. The most critical patches are for Internet Explorer, a major target for exploitation due to it's widespread use. Additional hardening in sensitive environments can help reduce the impact of exploitation attempts until patches can be deployed, and robust monitoring can help detect those exploit attempts to provide valuable security intelligence...
___

- https://secunia.com/advisories/52122/ - MS13-009
- https://secunia.com/advisories/52129/ - MS13-010
- https://secunia.com/advisories/52130/ - MS13-011
- https://secunia.com/advisories/52133/ - MS13-012
- https://secunia.com/advisories/52136/ - MS13-013
- https://secunia.com/advisories/52138/ - MS13-014
- https://secunia.com/advisories/52143/ - MS13-015
- https://secunia.com/advisories/52156/ - MS13-016
- https://secunia.com/advisories/52157/ - MS13-017
- https://secunia.com/advisories/52158/ - MS13-018
- https://secunia.com/advisories/52162/ - MS13-019
- https://secunia.com/advisories/52184/ - MS13-020

- https://secunia.com/advisories/52164/ - IE10 Flash
___

MSRT
- https://support.micr...om/?kbid=890830
Last Review: February 12, 2013 - Revision: 119.0
- http://www.microsoft...e-families.aspx
"... added in this release...
• Sirefef..."

- https://blogs.techne...Redirected=true
12 Feb 2013

Download:
- https://www.microsof...i...ng=en&id=16
File Name: Windows-KB890830-V4.17.exe - 17.6 MB
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.17.exe - 18.3 MB

.

Edited by AplusWebMaster, 15 February 2013 - 03:46 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 26 February 2013 - 03:40 PM

FYI...

Win7 IE10 released
- http://windows.micro...dwide-languages
Feb 26, 2013

"Catch 22" ...
- http://arstechnica.c...-for-windows-7/
Feb 26, 2013 - "... Windows Update will, in its default configuration, install it silently and automatically. Over the coming months, Microsoft will classify Internet Explorer 10 as "important" in more and more markets to ensure it is installed automatically as widely as possible. This marks a significant change from Microsoft's past practices. Traditionally, the company has released new browsers only as optional updates... Internet Explorer 10 on Windows 7 will be near-identical to its Windows 8 counterpart. This includes features such as support for the Pointer Events touch API and hardware acceleration using Direct2D and DirectWrite. To that end, installing Internet Explorer 10 on Windows 7 -requires- the installation of a platform update that brings Windows 7's version of these APIs in line with Windows 8... There will be one important difference between the versions, however. Internet Explorer 10 on Windows 8 includes an embedded version of Flash that gets its updates from Windows Update, rather than through Adobe's installer. On Windows 7, Flash will not be embedded. Instead, it will use the same ActiveX plugin as Internet Explorer 9 did. Updates will have to be installed using Adobe's updater, not Microsoft's."
___

From: Susan Bradley - http://msmvps.com/blogs/bradley/
Subject: Tracking BSOD's after KB2670838
- http://answers.micro...9c-5dc6f0f55d37
28 Feb 2013

I'd not be rushing that one out just yet

- https://www.infoworl...c-update-213802
March 04, 2013 - "... This buggy patch was part of the non-security-related patches typically released on the fourth Tuesday of the month. Since Microsoft switched the patch over to "Optional" on Thursday, it won't be offered automatically to those with Automatic Update turned on. But if you've already downloaded it, Windows may try to install it over and over again.If you've been bit by this bad patch, fortunately the solution is easy -- if you know where the problem came from and how to get rid of it.
> From a blue screen, re-start your PC. Click Start (yes, this is Windows 7) -> Control Panel -> Uninstall a Program. On the left, click the link to View Installed Updates. Scroll way down to KB 2670838, which should be at or near the top of the section marked Microsoft Windows. Double-click on the patch to uninstall it. Re-boot.
Next, just to make sure your system doesn't pick up the patch again, click Start -> Control Panel -> System and Security. Under Windows Update, click the link to Check for Updates. Click the link that says XX Optional Updates are Available. Right-click KB 2670383 and choose Hide.
And while you're at it, make sure Automatic Update is turned off. Last year, Microsoft pushed five different bad patches through Automatic Update. So far this year,the company is running at its usual rate of one really buggy patch every two or three months..."

IEv10 does not install on a hybrid graphics system
- http://support.micro...b/2823483/en-us
Last Review: March 12, 2013 - Revision: 8.0
Applies to: Internet Explorer 10, Windows 7 Service Pack 1
___

- http://support.micro....com/kb/2670838
Last Review: February 26, 2013 - Revision: 4.0
"... a platform update for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This update improves the features and performance of the following components:
• Direct2D
• DirectWrite
• Direct3D
• Windows Imaging Component (WIC)
• Windows Advanced Rasterization Platform (WARP)
• Windows Animation Manager (WAM)
• XPS Document API
• H.264 Video Decoder
• JPEG XR codec ..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 19 March 2013 - 03:46 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users