Monthly Security Bulletin Briefing - TechNet Blogs

More documents

Recommendations

Info

MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) Affected Software: Windows Vista (All Supported Versions) Windows Server 2008 (All Supported Versions) Windows 7 (All Supported Versions) Windows Server 2008 R2 (All Supported Versions) Windows 8 (All Supported Versions) Windows Server 2012 Windows RT Detection and Deployment WU MU MBSA WSUS ITMU SCCM Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2 Severity | Important Deployment Priority Update Replacement More Information and / or Known Issues 2 MS13-001 Yes 3 Restart Requirement A restart is required Uninstall Support Use Add or Remove Programs in Control Panel 1. The Microsoft Baseline Security Analyzer (MBSA) tool does not support Windows 8 or Windows Server 2012 2. Windows RT devices can only be serviced with Windows and Microsoft Update 3. Windows RT devices require update 2808380 to be installed before WU will offer this security update GBS Security Worldwide Programs 10
MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894) Vulnerability Details: • An elevation of privilege vulnerability exists in the way that Microsoft Windows Print Spooler handles memory when a printer is deleted. • The vulnerability could allow an attacker with valid logon credentials to log on locally and run arbitrary code in the context of the local system and take complete control of an affected system by deleting a printer connection CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory CVE-2013-1339 Important Elevation of Privilege 1 1 P No None None Attack Vectors • A maliciously crafted application Mitigations • An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities Workarounds • Disable the Print Spooler service Exploitability Index: DoS Rating: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover) GBS Security Worldwide Programs 11
Page 1 and 2: Monthly Security Bulletin Briefing
Page 3 and 4: June 2013 Security Bulletins Bullet
Page 5 and 6: MS13-047 Cumulative Security Update
Page 7 and 8: MS13-048 Vulnerability in Windows K
Page 9: MS13-049 Vulnerability in Kernel-Mo
Page 13 and 14: MS13-051 Vulnerability in Microsoft
Page 15 and 16: Security Advisory Rerelease Securit
Page 17 and 18: Microsoft Support Lifecycle Lifecyc
Page 19 and 20: TechNet Public Webcast TechNet Webc
Page 21 and 22: Malicious Software Removal Tool Upd
Page 23 and 24: June 2013 Non- Security Content (Wi

Monthly Security Bulletin Briefing - TechNet Blogs

Create successful ePaper yourself

Delete template?

Save as template?