Microsoft security alert.
February 12, 2013
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 57 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Remote Code Execution Vulnerability (MS13-009)
- Severity
- Urgent 5
- Qualys ID
- 100136
- Vendor Reference
- MS13-009
- CVE Reference
- CVE-2013-0015, CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024, CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
Microsoft Internet Explorer is prone to a remote code execution vulnerability caused by the way Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Microsoft has released a security update that addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8, Internet Explorer 9, and Internet Explorer 10 on Windows servers.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009 (KB2792100)
- Consequence
-
The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operates with administrative user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 2 (Internet Explorer 7)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-009.
Workaround:
1. Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
2. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
-
Microsoft Vector Markup Language Remote Code Execution Vulnerability (MS13-010)
- Severity
- Urgent 5
- Qualys ID
- 100137
- Vendor Reference
- MS13-010
- CVE Reference
- CVE-2013-0030
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
A remote code execution vulnerability exists in the way Internet Explorer handles objects in memory.
When VML buffers are allocated, specially crafted data may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. (CVE-2013-0030)
Affected Software:
Internet Explorer 6:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 8:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Internet Explorer 9:
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 10:
Windows 8 for 32-bit Systems
Windows 8 for 64-bit Systems
Windows Server 2012
Windows RT - Consequence
- An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (Internet Explorer 6)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 Service Pack 2 (Internet Explorer 6)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 6)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 6)
Windows XP Service Pack 3 (Internet Explorer 7)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 Service Pack 2 (Internet Explorer 7)
Windows Server 2003 x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2003 with SP2 for Itanium-based Systems (Internet Explorer 7)
Windows Vista Service Pack 2 (Internet Explorer 7)
Windows Vista x64 Edition Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 7)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Internet Explorer 7)
Windows XP Service Pack 3 (Internet Explorer 8)
Windows XP Professional x64 Edition Service Pack 2 (Internet Explorer 8)
Windows Server 2003 Service Pack 2 (Internet Explorer 8)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-010.
-
Microsoft Windows Media Decompression Remote Code Execution Vulnerability (MS13-011)
- Severity
- Urgent 5
- Qualys ID
- 90860
- Vendor Reference
- MS13-011
- CVE Reference
- CVE-2013-0077
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. Microsoft DirectX is a feature of the Windows operating system used for streaming media to enable graphics and sound when playing games or watching video.
A vulnerability exists when Microsoft DirectShow fails to handle specially crafted media content.
Microsoft has released a security update that addresses the vulnerability by correcting the way DirectShow handles specially crafted media content.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009 (KB2780091)
- Consequence
- Exploitation could lead to remote code execution.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (Quartz.dll (DirectShow))
Windows XP Professional x64 Edition Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2003 Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2003 x64 Edition Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2003 with SP2 for Itanium-based Systems (Quartz.dll (DirectShow))
Windows Vista Service Pack 2 (Quartz.dll (DirectShow))
Windows Vista x64 Edition Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2008 for 32-bit Systems Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2008 for x64-based Systems Service Pack 2 (Quartz.dll (DirectShow))
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Quartz.dll (DirectShow))
Refer to Microsoft Security Bulletin MS13-011 for further details.
Workaround:
1) Modify the Access Control List (ACL) on quartz.dllImpact of workaround #1 - Windows Media Player will not be able to play .avi or .wav files.
2) Unregister quartz.dll
Impact of workaround #2: Windows Media Player will not be able to play .avi or .wav files.
-
Microsoft Exchange Server Remote Code Execution Vulnerability (MS13-012)
- Severity
- Critical 4
- Qualys ID
- 74264
- Vendor Reference
- MS13-012
- CVE Reference
- CVE-2013-0393, CVE-2013-0418
- CVSS Scores
- Base 6.8 / Temporal 5.3
- Description
-
Microsoft Exchange Server is a messaging and collaborative software product that provides support for email, calendaring, contacts and tasks, mobile and Web-based access to information, and data storage.
This security update resolves publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe vulnerabilities are in Microsoft Exchange Server WebReady Document Viewing and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA).
Two vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature. The WebReady service parses files using the Oracle Outside In libraries in order to provide a preview of the document in the browser. The vulnerabilities are caused when WebReady Document Viewer is used to preview a specially crafted file.
This security update is rated Critical for Microsoft Exchange Server 2007 Service Pack 3, and Microsoft Exchange Server 2010 Service Pack 2.
- Consequence
- An attacker could send an email message containing a specially crafted file to a user on an affected version of Exchange. The vulnerabilities could be exploited when the user previews the specially crafted file in the browser.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 2
Refer to Microsoft Security Bulletin MS13-012 for further details.
Workaround:
1. Disable WebReady document view
Log in to the Exchange Management Shell as an Exchange Organization Administrator.
Issue the following PowerShell command:
Get-OwaVirtualDirectory | where {$_.OwaVersion -eq 'Exchange2007' -or $_.OwaVersion -eq 'Exchange2010'} | Set-OwaVirtualDirectory -WebReadyDocumentViewingOnPublicComputersEnabled:$False -WebReadyDocumentViewingOnPrivateComputersEnabled:$FalseImpact of workaround. OWA users may not be able to preview the content of email attachments.
-
Microsoft FAST Search Server 2010 for SharePoint Remote Code Execution Vulnerability (MS13-013)
- Severity
- Critical 4
- Qualys ID
- 90863
- Vendor Reference
- MS13-013
- CVE Reference
- CVE-2012-3214, CVE-2012-3217
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
Advanced Filter Pack is a FAST Search Server 2010 for SharePoint feature that enables text and metadata extraction from several hundred file formats, complementing the document formats that are supported by the Microsoft Filter Pack.
Remote code execution vulnerabilities exist in FAST Search Server 2010 for SharePoint with the Advanced Filter Pack enabled. The vulnerabilities exist in the way that the Oracle Outside In libraries, used by the Advanced Filter Pack, parse specially crafted files.
By default, Advanced Filter Pack in FAST is disabled.
Microsoft has released a security update that addresses the vulnerabilities by updating the affected Oracle Outside In libraries to a non-vulnerable version.
This security update is rated Important for supported editions of FAST Search Server 2010 for SharePoint.
- Consequence
- An attacker who successfully exploited these vulnerabilities could run arbitrary code in the context of a user account with a restricted token.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Microsoft FAST Search Server 2010 for SharePoint Service Pack 1
Refer to Microsoft Security Bulletin MS13-013 for further details.
Workaround:
1) Disable the Advanced Filter Pack for FAST Search Server 2010 for SharePoint
-
Microsoft NFS Server Denial of Service Vulnerability (MS13-014)
- Severity
- Serious 3
- Qualys ID
- 90861
- Vendor Reference
- MS13-014
- CVE Reference
- CVE-2013-1281
- CVSS Scores
- Base 7.1 / Temporal 5.6
- Description
-
Network File System (NFS) is an industry standard protocol, defined in RFC 1094, that provides transparent remote access to shared files across networks.
A denial of service vulnerability exists when the Windows NFS server fails to properly handle a file operation on a read-only share. (CVE-2013-1281)
Affected Software:
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2012 (Server Core installation) - Consequence
- An attacker who exploited this vulnerability could cause the affected system to stop responding and restart.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Refer to Microsoft Security Bulletin MS13-014 for further details.
-
Microsoft .Net Framework Elevation of Privilege Vulnerability (MS13-015)
- Severity
- Critical 4
- Qualys ID
- 90868
- Vendor Reference
- MS13-015
- CVE Reference
- CVE-2013-0073
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
The Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.
An elevation of privilege vulnerability exists in the way that the .NET Framework elevates the permissions of a callback function when a particular Windows Forms object is created (CVE-2013-0073).
This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, and Microsoft .NET Framework 4.5 on affected editions of Microsoft Windows.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009
- Consequence
- Successfully exploiting this vulnerability might allow an attacker to gain escalated privileges
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Service Pack 3 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows XP Service Pack 3 (Microsoft .NET Framework 4)
Windows XP Professional x64 Edition Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows XP Professional x64 Edition Service Pack 2 (Microsoft .NET Framework 4)
Windows Server 2003 Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows Server 2003 Service Pack 2 (Microsoft .NET Framework 4)
Windows Server 2003 x64 Edition Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows Server 2003 x64 Edition Service Pack 2 (Microsoft .NET Framework 4)
Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft .NET Framework 2.0 Service Pack 2)
Windows Server 2003 with SP2 for Itanium-based Systems (Microsoft .NET Framework 4)
Windows Vista Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows Vista Service Pack 2 (Microsoft .NET Framework 4)
Windows Vista Service Pack 2 (Microsoft .NET Framework 4.5)
Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 4)
Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 4.5)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Microsoft .NET Framework 2.0 Service Pack 2)
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-015.
-
Microsoft Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (MS13-016)
- Severity
- Critical 4
- Qualys ID
- 90867
- Vendor Reference
- MS13-016
- CVE Reference
- CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277
- CVSS Scores
- Base 4.9 / Temporal 3.6
- Description
-
The Win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem.
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver improperly handles objects in memory.
The security update addresses the vulnerabilities by correcting the way that the Windows kernel-mode driver handles objects in memory.
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009 (KB2778344)
- Consequence
- Successfully exploiting these security vulnerabilities could allow an attacker to gain elevated privileges and read arbitrary amounts of kernel memory.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-016.
-
Microsoft Windows Kernel Multiple Elevation of Privilege Vulnerabilities (MS13-017)
- Severity
- Critical 4
- Qualys ID
- 90862
- Vendor Reference
- MS13-017
- CVE Reference
- CVE-2013-1278, CVE-2013-1279, CVE-2013-1280
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Windows kernel is the core of the operating system. The kernel provides system-level services such as device management and memory management, allocates processor time to processes and manages error handling.
Windows kernel is prone to multiple elevation of privilege vulnerabilities because it improperly handles objects in memory (CVE-2013-1278,CVE-2013-1279,CVE-2013-1280).
This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009
- Consequence
- Successfully exploiting these vulnerabilities might allow a local user to gain escalated privileges
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-017.
-
Microsoft Windows TCP/IP Denial of Service Vulnerability (MS13-018)
- Severity
- Serious 3
- Qualys ID
- 90866
- Vendor Reference
- MS13-018
- CVE Reference
- CVE-2013-0075
- CVSS Scores
- Base 7.8 / Temporal 6.1
- Description
-
TCP/IP is a set of networking protocols that are widely used on the Internet.
A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop responding and automatically restart.
The vulnerability occurs when the TCP/IP stack improperly handles a connection termination sequence.This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows 2012 and Windows RT.
- Consequence
- An attacker who successfully exploited this vulnerability could cause the target system to stop responding and automatically restart.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
For a complete list of patch download links, please refer to Microsoft Security Bulletin MS13-018.
-
Microsoft Windows Client-Server Runtime Subsystem Elevation of Privilege Vulnerability (MS13-019)
- Severity
- Urgent 5
- Qualys ID
- 90865
- Vendor Reference
- MS13-019
- CVE Reference
- CVE-2013-0076
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Windows Client/Server Runtime Subsystem (CSRSS) is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion). It is responsible for handling console windows, creating and/or deleting threads. It is an essential subsystem that must be running at all times.
An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. (CVE-2013-0076)
Affected Software:
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) - Consequence
- An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Refer to Microsoft Security Bulletin MS13-019 for further details.
-
Microsoft OLE Automation Remote Code Execution Vulnerability (MS13-020)
- Severity
- Urgent 5
- Qualys ID
- 90864
- Vendor Reference
- MS13-020
- CVE Reference
- CVE-2013-1313
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application.
A remote code execution vulnerability is caused by the way OLE Automation parses a specially crafted file.
The security update addresses the vulnerability by correcting the way in which OLE Automation parses files.This security update is rated Critical for Windows XP Service Pack 3.
Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February 2013 Security Updates Are on MyOEM and ECE for XPe SP3 and Standard 2009 (KB2802968)
- Consequence
-
An attacker who successfully exploited this vulnerability could take complete control of an affected system remotely.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. - Solution
-
Patch:
Following are links for downloading patches to fix the vulnerabilities:Refer to Microsoft Security Bulletin MS13-020 for further details.
These new vulnerability checks are included in Qualys vulnerability signature 2.2.356-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100136
- 100137
- 90860
- 74264
- 90863
- 90861
- 90868
- 90867
- 90862
- 90866
- 90865
- 90864
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.