Microsoft IT Security Bulletins
MS13-048 - Important : Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229) - Version: 1.2
Severity Rating: Important
Revision Note: V1.2 (June 18, 2013): Bulletin revised to announce a detection change in the security update for 2839229 to address the known issue documented in Microsoft Knowledge Base Article 2839229. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
Microsoft Security Advisory (2854544): Update to Improve Cryptography and Digital Certificate Handling in Windows - Version: 1.0
Revision Note: V1.0 (June 11, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the Windows cryptography and certificate handling infrastructure in response to an evolving threat environment.
MS13-051 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS13-050 - Important : Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability.
MS13-049 - Important : Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
MS13-048 - Important : Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
MS13-047 - Critical : Cumulative Security Update for Internet Explorer (2838727) - Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves nineteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 13.0
Revision Note: V13.0 (June 11, 2013): Added the 2847928 update to the Current Update section.
Summary: Microsoft is aware of vulnerabilities in Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. Microsoft provides updates that address the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.
Summary for June 2013 - Version: 1.0
Revision Note: V1.0 (June 11, 2013): Bulletin Summary published.
Summary: This bulletin summary lists security bulletins released for June 2013.
MS12-069 - Important : Vulnerability in Kerberos Could Allow Denial of Service (2743555) - Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (May 29, 2013): Corrected update replacement entries in the Affected Software table for x64-based editions of Windows Server 2008 R2. This is a bulletin change only. There were no changes to detection logic or security update files.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote attacker sends a specially crafted session request to the Kerberos server.
MS13-040 - Important : Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) - Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (May 29, 2013): Added a Non-Applicable Software table to identify platforms on which the .NET Framework is not installable.
Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in the .NET Framework. The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file. An attacker who successfully exploited the vulnerabilities could modify the contents of an XML file without invalidating the file's signature and could gain access to endpoint functions as if they were an authenticated user.
MS13-038 - Critical : Security Update for Internet Explorer (2847204) - Version: 1.1
Severity Rating: Critical
Revision Note: V1.1 (May 29, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS13-044 - Important : Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) - Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (May 23, 2013): Revised bulletin to announce a detection change for the Microsoft Visio 2010 (2810068) update. This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.1
Severity Rating: Critical
Revision Note: V1.1 (May 22, 2013): Added a link to Microsoft Knowledge Base Article 2758857 under Known Issues in the Executive Summary.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS13-037 - Critical : Cumulative Security Update for Internet Explorer (2829530) - Version: 1.1
Severity Rating: Critical
Revision Note: V1.1 (May 22, 2013): Corrected the Common Vulnerabilities and Exposures number for CVE-2013-3140. This is an informational change only.
Summary: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Summary for May 2013 - Version: 1.1
Revision Note: V1.1 (May 22, 2013): For MS13-037, corrected the Common Vulnerabilities and Exposures number for CVE-2013-3140. This is an informational change only.
Summary: This bulletin summary lists security bulletins released for May 2013.
