Monthly Security Bulletin Briefing - TechNet Blogs

Monthly Security 

Bulletin Briefing 

Daniel Mauser 

Sr. Technical Lead 

Teresa Ghiorzoe 

Security PM LATAM 

(June 2013) 

Latamsrc@Microsoft.com 

GBS Security Worldwide Programs 

1

June 2013 

Agenda 

Security Advisories 

New Rerelease 

1 1 

Other Security 

Resources 

• Detection and 

Deployment Table 

• Lifecycle Information 

New Security 

Bulletins 

5 

Critical 

1 4 

Important 

• June 2013 Bulletin Release 

Summary 

• TechNet Public Webcast 

Details 

Appendix 

• Malicious Software 

Removal Tool Updates 

• Public Security Bulletin 

Links 

• 2013 Non-Security 

Updates 


2

June 2013 

Security 

Bulletins 

Bulletin Impact Component Severity Priority 

Exploit 

Index 

MS13-047 Remote Code Execution Internet Explorer Critical 1 1 No 

Public 

MS13-048 Information Disclosure Windows Kernel Important 3 3 No 

MS13-049 Denial of Service Kernel-Mode Drivers Important 2 3 No 

MS13-050 Elevation of Privilege Print Spooler Important 2 1 No 

MS13-051 Remote Code Execution Office Important 1 1 Yes 

Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated 


3

MS13-047 

Cumulative 

Security Update 

for Internet 

Explorer 

(2838727) 

Affected Software: 

 

IE 6 on Windows XP and Windows Server 

2003 

IE 7 on Windows XP, Windows Server 2003, 

Windows Vista, and Windows Server 2008 

IE 8 on Windows XP, Windows Server 2003, 

Windows Vista, Windows Server 2008, 

Windows 7, and Windows Server 2008 R2 

 

IE 9 on Windows Vista, Windows Server 

2008, Windows 7, and Windows Server 2008 

R2 

IE 10 on Windows 7, Windows Server 2008 

R2, Windows 8, Windows Server 2012, and 

Windows RT 

Detection and Deployment 

WU MU MBSA WSUS ITMU SCCM 

Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2 

Severity | Critical 

Deployment 

Priority 

1 

Restart 

Requirement 

A restart is 

required 

Update 

Replacement 

MS13-037 

MS13-038 

More Information 

and / or 

Known Issues 

Yes 3 

Uninstall Support 

Use Add or Remove 

Programs in Control 

Panel 

1. The Microsoft Baseline Security Analyzer (MBSA) 

tool does not support Windows 8 or Windows 

Server 2012 

2. Windows RT devices can only be serviced with 

Windows and Microsoft Update 

3. Windows RT devices require update 2808380 to 

be installed before WU will offer this security 

update 


4

MS13-047 

Cumulative 

Security Update 

for Internet 

Explorer 

(2838727) 

Vulnerability Details: 

• Eighteen (18) remote code execution vulnerabilities exist in the way that Internet Explorer accesses an 

object in memory that has been deleted that could allow an attacker to take complete control of an 

affected system if they can convince a user to view a specially crafted website 

• A remote code execution vulnerability exists when Internet Explorer improperly processes scripts while 

debugging a webpage that could allow an attacker to take complete control of an affected system if they 

can convince a user to debug a specially crafted website 

CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory 

Multiple * 

CVE-2013-3126 

Attack Vectors 

Critical 

Moderate 

• A maliciously crafted Web page 

• Compromised websites and 

websites that accept or host 

user-provided content or 

advertisements 

* CVE-2013-3110, CVE-2013-3111 

* CVE-2013-3112, CVE-2013-3113 

* CVE-2013-3114, CVE-2013-3116 

* CVE-2013-3117, CVE-2013-3118 

* CVE-2013-3119, CVE-2013-3120 

* CVE-2013-3121, CVE-2013-3122 

* CVE-2013-3123, CVE-2013-3124 

* CVE-2013-3125, CVE-2013-3139 

* CVE-2013-3141, CVE-2013-3142 

Remote Code Execution 

Remote Code Execution 

Mitigations 

1 

* 

• Users would have to be persuaded 

to view a malicious web page 

• Exploitation only gains the same 

user rights as the logged on 

account 

• By default, all supported e-mail 

clients open HTML e-mail 

messages in Restricted sites zone 

• By default, IE on Windows 2003, 

Windows 2008, Windows 2008 R2, 

& Windows 2012 runs in a 

restricted mode 

• By default, script debugging is not 

enabled for CVE-2013-3126 

1 

* 

NA 

NA 

No 

No 

No 

No 

Workarounds 

None 

None 

• Set IE security to High for 

Internet and Intranet zones 

• Configure IE to prompt before 

running ActiveX and Active 

Scripting 

• Do not debug script on 

untrusted webpages or 

webpages that you do not 

control for CVE-2013-3126 

Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated 

DoS Rating: 

T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover) 


5

MS13-048 

Vulnerability in 

Windows Kernel 

Could Allow 

Information 

Disclosure 

(2839229) 


Windows XP SP3 

Windows Server 2003 SP2 

Windows Vista SP2 

Windows Server 2008 for 32-bit Systems SP2 

Windows 7 for 32-bit Systems SP1 

Windows 8 for 32-bit Systems 


Severity | Important 

Deployment 

Priority 

3 

Restart 

Requirement 

A restart is 

required 

Update 

Replacement 

MS13-031 

MS13-046 


and / or 

Known Issues 

None 




Panel 


* The Microsoft Baseline Security Analyzer 

(MBSA) tool does not support Windows 8 or 

Windows Server 2012 

Yes Yes Yes * Yes Yes Yes 


6

MS13-048 


Windows Kernel 

Could Allow 

Information 

Disclosure 

(2839229) 


• An information disclosure vulnerability exists when the Kernel improperly handles objects in memory. 

• An attacker with valid logon credentials could log on locally and run a specially crafted application to 

disclose information from kernel addresses. 


CVE-2013-3136 Important Information Disclosure 3 3 P No No None 


• A maliciously crafted application 

Mitigations 

• An attacker must have valid logon 

credentials and be able to log on 

locally to exploit these 

vulnerabilities 

Workarounds 

• Microsoft has not identified 

any workarounds for any of 

these vulnerabilities 

Exploitability Index: 

DoS Rating: 

1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated 



7

MS13-049 


Kernel-Mode 

Driver Could 

Allow Denial of 

Service 

(2845690) 


 

 

 

 

 

Windows Vista (All Supported Versions) 

Windows Server 2008 (All Supported 

Versions) 

Windows 7 (All Supported Versions) 

Windows Server 2008 R2 (All Supported 

Versions) 



 

Windows RT 



Deployment 

Priority 

Update 

Replacement 


and / or 

Known Issues 

2 

MS13-018 Yes 3 

Restart 

Requirement 

A restart is 

required 




Panel 





Server 2012 





update 


8

MS13-049 


Kernel-Mode 

Driver Could 

Allow Denial of 

Service 

(2845690) 


• A denial of service vulnerability exists in the way that the Windows TCP/IP driver improperly handles 

packets during a TCP connection. 

• An attacker who successfully exploited this vulnerability could cause the target system to stop responding 

by sending maliciously crafted network packets to the target system. 


CVE-2013-3138 Important Denial of Service 3 3 P No No None 


• Maliciously crafted network 

packets 

Mitigations 

• Firewall best practices and 

standard default firewall 

configurations can help protect 

networks from attacks that 

originate outside the enterprise 

perimeter 

Workarounds 

• Microsoft has not identified 

any workarounds for any of 

these vulnerabilities 


DoS Rating: 




9

MS13-050 


Windows Print 

Spooler 

Components 

Could Allow 

Elevation of 

Privilege 

(2839894) 


 

 

 

 

 



Versions) 


Windows Server 2008 R2 (All Supported 

Versions) 



 

Windows RT 





Deployment 

Priority 

Update 

Replacement 


and / or 

Known Issues 

2 

MS13-001 Yes 3 

Restart 

Requirement 

A restart is 

required 




Panel 



Server 2012 





update 


10

MS13-050 


Windows Print 

Spooler 

Components 

Could Allow 

Elevation of 

Privilege 

(2839894) 


• An elevation of privilege vulnerability exists in the way that Microsoft Windows Print Spooler handles 

memory when a printer is deleted. 

• The vulnerability could allow an attacker with valid logon credentials to log on locally and run arbitrary 

code in the context of the local system and take complete control of an affected system by deleting a 

printer connection 


CVE-2013-1339 Important Elevation of Privilege 1 1 P No None None 


• A maliciously crafted application 

Mitigations 

• An attacker must have valid logon 

credentials and be able to log on 

locally to exploit these 

vulnerabilities 

Workarounds 

• Disable the Print Spooler 

service 


DoS Rating: 




11

MS13-051 


Microsoft Office 

Could Allow 

Remote Code 

Execution 

(2839571) 


Office 2003 SP3 

Office for Mac 2011 



Deployment 

Priority 

1 

Restart 

Requirement 

A restart is not 

required 

Update 

Replacement 

MS11-073 

MS13-026 


and / or 

Known Issues 

None 




Panel 

WU 

No 

MU 

Yes * MBSA 

Yes * WSUS 

Yes * ITMU 

Yes * SCCM 

Yes * 

* Microsoft does not offer any detection and 

deployment tools for applications designed to run 

on Macintosh, but the applications feature a built 

in automatic updating component 


12

MS13-051 


Microsoft Office 

Could Allow 

Remote Code 

Execution 

(2839571) 


• A remote code execution vulnerability exists in the way that Microsoft Office parses specially crafted Office 

files. 

• This vulnerability could allow an attacker to take complete control of an affected system if they can 

convince a user to open a specially crafted office file. 


CVE-2013-1331 Important Remote Code Execution NA 1 NA No Yes * None 


• A maliciously crafted Office file 

• Common delivery mechanisms: 

a maliciously crafted Web page, 

an e-mail attachment, an instant 

message, a peer-to-peer file 

share, a network share, and/or a 

USB thumb drive 

* Microsoft is aware of limited 

targeted attacks against this 

vulnerability 

Mitigations 

• Users would have to be persuaded 

to visit a malicious web site 

• Exploitation only gains the same 

user rights as the logged on 

account 

Workarounds 

• Do not open or save Office 

files that you receive from 

untrusted sources or that you 

receive unexpectedly from 

trusted sources 

• For Office for Mac 2011, 

disassociate binary Office file 

formats from Office for Mac in 

OS X's LaunchServices 

database 


DoS Rating: 




13

Security Advisory 

(2854544) 

Update to Improve 

Cryptography and 

Digital Certificate 

Handling in 

Windows 


 

 

 

 

 



Versions) 


Windows Server 2008 R2 (All 

Supported Versions) 



 

Windows RT 

This update as part of ongoing 

efforts to improve cryptography and 

digital certificate handling in 

Windows. 

Updates will bolster the Windows 

cryptography and certificate handling 

infrastructure in response to an evolving 

threat environment. 

Microsoft will announce additional 

updates via this advisory. 

Executive Summary: 

Microsoft is releasing an update (2813430) that 

builds on the expanded Certificate Trust List (CTL) 

functionality provided in update (2677070), which 

gave enterprises more options for managing their 

private PKI environments. 

This update allows admins to: 

• Configure domain-joined computers to use the 

auto update mechanism (for both trusted and 

disallowed CTLs) without having access to WU. 

• Configure domain-joined computers to opt in 

(for both trusted and disallowed CTLs) to auto 

update independently. 

• Examine the set of roots in Microsoft root 

programs and to choose a subset of them for 

distribution via Group Policy. 


14


Advisory 

Rerelease 

Security Advisory (2755801) 

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 

Windows 8 for 32-bit and 64-bit Systems 


Windows RT 

Reason for rerelease: 

 

The update addresses the vulnerabilities 

described in Adobe Security bulletin 

APSB13-16 

For more information about this 

update, including download links, 

see KB Article 2847928 


15

June 2013 

Manageability 

Tools 

Reference 

Bulletin 

Windows 

Update 

Microsoft 

Update 

MBSA WSUS SMS ITMU SCCM 

MS13-047 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2 

MS13-048 Yes Yes Yes 1 Yes Yes Yes 



MS13-051 No Yes 3 Yes 3 Yes 3 Yes 3 Yes 3 

1. The MBSA does not support detection on systems running Windows 8 or Windows Server 2012 

2. Windows RT devices can only be serviced with Windows and Microsoft Update and the Microsoft Store 

3. Microsoft does not offer any detection and/or deployment tools for products that run on Mac 

GBS Security Worldwide Programs

Microsoft 

Support 

Lifecycle 

Lifecycle Changes 

There are no product families and/or service 

pack levels that scheduled to have their 

support lifecycle expire on June 11 th 2013 

Remember that support for the entire Windows XP product 

family will expire on 4/8/2014 

http://support.microsoft.com/lifecycle 


17

June 2013 



Summary 

Bulletin Description Severity Priority 

MS13-047 Cumulative Security Update for Internet Explorer Critical 1 

MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure Important 3 

MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service Important 2 

MS13-050 

Vulnerability in Windows Print Spooler Components Could Allow 

Elevation of Privilege 

Important 2 

MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution Important 1 


TechNet 

Public 

Webcast 

TechNet Webcast 

• Microsoft will host a public webcast to address 

customer questions on these bulletins: 

Information About Microsoft's Security Bulletins 

Wednesday, June 12, 2013 11:00 AM Pacific Time (US & Canada) 

You can register for the webcast here: 

• http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032538733 


19

Appendix 


20

Malicious 

Software 

Removal Tool 

Updates 

New malware families 

added to the June 2013 

MSRT 

Win32/Tupym 

Additional Tools 

Microsoft Safety Scanner 

• Same basic engine as the MSRT, but 

with a full set of A/V signatures 

Windows Defender Offline 

• An offline bootable A/V tool with a 

full set of signatures 

• Designed to remove rootkits and 

other advanced malware that can't 

always be detected by antimalware 

programs 

• Requires you to download an ISO file 

and burn a CD, DVD, or USB flash 

drive 


21

Public 



Links 

Monthly Bulletin Links 

• Microsoft Security Bulletin Summary for June 2013 

http://technet.microsoft.com/en-us/security/bulletin/ms13-jun 

• Security Bulletin Search 

http://technet.microsoft.com/en-us/security/bulletin 

• Security Advisories 

http://technet.microsoft.com/en-us/security/advisory 

• Microsoft Technical Security Notifications 

http://technet.microsoft.com/en-us/security/dd252948.aspx 

Blogs 

• MSRC Blog 

http://blogs.technet.com/msrc 

• SRD Team Blog 

http://blogs.technet.com/srd 

• MMPC Team Blog 

http://blogs.technet.com/mmpc 

• MSRC Ecosystem Team Blog 

http://blogs.technet.com/ecostrat 

Supplemental Security Reference Articles 

• Detailed Bulletin Information Spreadsheet 

http://go.microsoft.com/fwlink/?LinkID=245778 

• Security Tools for IT Pros 

http://technet.microsoft.com/en-us/security/cc297183 

• KB894199 Description of Software Update Services and Windows Server Update Services changes 

in content 

http://support.microsoft.com/kb/894199 

• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent 

malicious software 

http://support.microsoft.com/kb/890830 


6/13/2013 22

June 2013 

Non- Security 

Content 

(Windows) 

Description Classification Deployment 

Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, 

Server 2008 x86 (KB2836939) 

Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista 

and Server 2008 x86 (KB2836940) 

Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and 

Windows XP x86 (KB2836941) 

Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836942) 

Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2836943 

Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2008 SP2 x86 

(KB2836945) 

Update for Microsoft .NET Framework 3.5 on Windows 8 x86 (KB2836947) 

Update for Windows 8 (KB2808679) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Site, AU, SUS, Catalog 








Update for Windows 8 (KB2821895) Critical Update Site, AU, SUS, Catalog 





Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 

Update 

(Recommended) 





Update for Windows 8 (KB2845533) Critical Update Site, AU, SUS, Catalog 


Update 

(Optional) 

Site, SUS, Catalog 

Windows Malicious Software Removal Tool - June 2013 (KB890830) Update Rollup Site, AU, SUS, Catalog 


June 2013 

Non- Security 

Content 

(Office) 

Description Classification Deployment 

Update for Microsoft Office 2013 (KB2760538) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Office 2013 (KB2760610) Critical Update Site, Catalog 


Update for Microsoft Office 2013 (KB2810017) Critical Update Site, AU 


Update for Microsoft Office 2013 (KB2817320 Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Outlook 2013 (KB2817313) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft SkyDrive Pro (KB2767865) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Word 2013 (KB2810086) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Word 2013 (KB2817308) Critical Update Site, AU, SUS, Catalog 

Update for Outlook 2003 Junk E-mail Filter (KB2817473) Critical Update Site, AU, SUS, Catalog 

Update for Microsoft Security Essentials Prerelease (KB2855252) Critical Update Site, AU 

Update Rollup for Lync 2010 Attendee - Administrator level installation (KB2853846) Update Rollup Site, AU, SUS, Catalog

Monthly Security Bulletin Briefing - TechNet Blogs

Create successful ePaper yourself

Delete template?

Save as template?