http://technet.microsoft.com/security/bulletinWed, 15 May 2013 08:00:00 GMTumbracoMicrosoft Security Content: Comprehensive Editionen-UShttp://technet.microsoft.com/en-us/security/bulletin/ms13-0452013-05-15T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-045 Revision Note: V1.1 (May 15, 2013): Corrected link to the download location in the Detection and Deployment Tools and Guidance section. This is an informational change only.
Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.]]>http://technet.microsoft.com/en-us/security/advisory/28463382013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/advisory/2846338 Summary: Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system.]]>http://technet.microsoft.com/en-us/security/advisory/28201972013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/advisory/2820197 Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0462013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-046 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves three reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0442013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-044 Revision Note: V1.0 (May 14, 2013): Bulletin published
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0432013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-043 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0422013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-042 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user open a specially crafted Publisher file with an affected version of Microsoft Publisher. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0412013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-041 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Lync. The vulnerability could allow remote code execution if an attacker shares a specially crafted program in a Lync or Communicator session and convinces a user to accept an invitation to launch the program content. In all cases, an attacker would have no way to force users to view or share the attacker-controlled file or program. Instead, an attacker would have to convince users to take action, typically by getting them to accept an invitation in Lync or Communicator to view or share the presentable content.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0402013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-040 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in the .NET Framework. The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file. An attacker who successfully exploited the vulnerabilities could modify the contents of an XML file without invalidating the file's signature and could gain access to endpoint functions as if they were an authenticated user.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0392013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-039 Revision Note: (May 14, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to an affected Windows server or client.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0382013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-038 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0372013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-037 Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-may2013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-may Summary: This bulletin summary lists security bulletins released for May 2013.]]>http://technet.microsoft.com/en-us/security/advisory/28471402013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/advisory/2847140 Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS13-038 to address this issue. For more information about this issue, including download links for an available security update, please review MS13-038. The vulnerability addressed is the Internet Explorer Use After Free Vulnerability - CVE-2013-1347.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0092013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-009 Revision Note: V1.2 (May 14, 2013): Revised this bulletin to announce a detection change to correct an offering issue for Windows Server 2012 (Server Core installation). This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves thirteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/advisory/27558012013-05-14T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/advisory/2755801 Summary: Microsoft is aware of vulnerabilities in Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. Microsoft provides updates that address the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.]]>http://technet.microsoft.com/en-us/security/bulletin/ms12-0432013-04-26T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms12-043 Revision Note: V4.2 (April 26, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0362013-04-24T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-036 Revision Note: V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are bulletin changes only.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0312013-04-24T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-031 Revision Note: V1.1 (April 24, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0282013-04-24T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-028 Revision Note: V1.1 (April 24, 2013): Added CVE-2013-1338 as a vulnerability addressed by this update. In addition, corrected update replacement and clarified why this update replaces MS13-010. These are informational changes only.
Summary: This security update resolves two privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-apr2013-04-24T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-apr Summary: This bulletin summary lists security bulletins released for April 2013.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0342013-04-16T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-034 Revision Note: V1.1 (April 16, 2013): Bulletin revised to announce a detection change in the 2781197 package to correct a reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0292013-04-10T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-029 Revision Note: V1.1 (April 10, 2013): Corrected the version number for Remote Desktop Connection Client on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 from 7.0 to 7.1. This is an informational change only. There were no changes to security update files.
Summary: This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0352013-04-09T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-035 Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0332013-04-09T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-033 Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0322013-04-09T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-032 Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0302013-04-09T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-030 Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint and Microsoft SharePoint Foundation. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0222013-04-03T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-022 Revision Note: V1.2 (April 3, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes" and clarified that installing the update will upgrade previous versions of Silverlight to Silverlight version 5.1.20125.0.
Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0072013-04-03T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-007 Revision Note: V1.1 (April 3, 2013): Added a mitigation to CVE-2013-0005 for systems running Windows Server 2012.
Summary: This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0272013-03-27T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-027 Revision Note: V1.1 (March 27, 2013): Revised bulletin to remove workaround steps for disabling USB mass storage devices because these steps are not necessary to block known attack vectors. Revised bulletin to remove workaround steps for disabling USB mass storage devices because these steps are not necessary to block known attack vectors. For more information, see Update FAQ.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.]]>http://technet.microsoft.com/en-us/security/advisory/28196822013-03-26T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/advisory/2819682 Summary: Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0262013-03-15T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-026 Revision Note: V1.1 (March 15, 2013): Corrected bulletin title and clarified affected version names in the vulnerability details and vulnerability FAQs.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office for Mac. The vulnerability could allow information disclosure if a user opens a specially crafted email message.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0232013-03-15T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-023 Revision Note: V1.1 (March 15, 2013): Clarified language in the vulnerability FAQ, How could an attacker exploit the vulnerability?
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-mar2013-03-15T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-mar Summary: This bulletin summary lists security bulletins released for March 2013.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0252013-03-12T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-025 Revision Note: V1.0 (March 12, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0242013-03-12T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-024 Revision Note: V1.0 (March 12, 2013): Bulletin published.
Summary: This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0212013-03-12T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-021 Revision Note: V1.0 (March 12, 2013): Bulletin published.
Summary: This security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0032013-03-12T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-003 Revision Note: V2.0 (March 12, 2013): Rereleased this bulletin to announce availability of an update for Microsoft System Center Operations Manager 2007 Service Pack 1. No other update packages are affected by this rerelease.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-jan2013-03-12T07:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-jan Summary: This bulletin summary lists security bulletins released for January 2013.]]>http://technet.microsoft.com/en-us/security/bulletin/ms12-0342013-03-06T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms12-034 Revision Note: V1.6 (March 6, 2013): Corrected update replacement information for the KB2676562 update.
Summary: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0202013-02-13T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-020 Revision Note: V1.1 (February 13, 2012): Clarified in the vulnerability FAQ what systems are primarily at risk for CVE-2013-1313. This is an informational change only.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0122013-02-13T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-012 Revision Note: V1.1 (February 13, 2013): Clarified that Microsoft Exchange Server 2010 Service Pack 3 is not affected by the vulnerabilities described in this bulletin. This is an informational change only.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft Exchange Server. The most severe vulnerability is in Microsoft Exchange Server WebReady Document Viewing, and could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The transcoding service in Exchange that is used for WebReady Document Viewing is running in the LocalService account. The LocalService account has minimum privileges on the local computer and presents anonymous credentials on the network.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-feb2013-02-13T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-feb Summary: This bulletin summary lists security bulletins released for February 2013.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0192013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-019 Revision Note: V1.0 (February 12, 2013): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0182013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-018 Revision Note: V1.1 (February 12, 2013): Added a link to Microsoft Knowledge Base Article 2790655 under Known Issues
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an unauthenticated attacker sends a specially crafted connection termination packet to the server.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0172013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-017 Revision Note: V1.1 (February 12, 2013): Added a link to Microsoft Knowledge Base Article 2799494 under Known Issues in the Executive Summary.
Summary: This security update resolves three privately reported vulnerabilities in all supported releases of Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0162013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-016 Revision Note: V1.1 (February 12, 2013): Added a link to Microsoft Knowledge Base Article 2778344 under Known Issues in the Executive Summary.
Summary: This security update resolves 30 privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0152013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-015 Revision Note: V1.0 (February 12, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in the .NET Framework. The vulnerability could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0142013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-014 Revision Note: V1.0 (February 12, 2013) Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker attempts a file operation on a read only share. An attacker who exploited this vulnerability could cause the affected system to stop responding and restart. The vulnerability only affects Windows servers with the NFS role enabled.]]>http://technet.microsoft.com/en-us/security/bulletin/ms13-0132013-02-12T08:00:00.0000000Zhttp://technet.microsoft.com/en-us/security/bulletin/ms13-013 Revision Note: V1.0 (February 12, 2013): Bulletin published.
Summary: This security update resolves publicly disclosed vulnerabilities in Microsoft FAST Search Server 2010 for SharePoint. The vulnerabilities could allow remote code execution in the security context of a user account with a restricted token. FAST Search Server for SharePoint is only affected by this issue when Advanced Filter Pack is enabled. By default, Advanced Filter Pack is disabled.]]>