Patch Analysis for May 2013

With just a few exceptions, all of this month's patches address endpoint-focused vulnerabilities. Endpoint security is so critical today; there's no way to be safe with just patching and AV. Please check out our sponsor, Lumension, whose endpoint security suite offers 10 different endpoint security technologies in a single agent and on one pane of glass.

Microsoft has released two critical bulletins for Internet Explorer this May. MS13-037 is a cumulative update for Internet Explorer. MS13-038 is also for Internet Explorer; its exploit details are public and it's already being used in attacks.

The other 8 bulletins are rated "important". Those using Server 2012 should pay attention to bulletin MS13-039.

MS13-040, the authentication bypass vulnerability, has been publicly disclosed. Those with the affected version of .NET -- workstations and servers that run Windows WCF services -- are the most vulnerable.

Writers of malicious code are becoming more sophisticated, with the backing of increasing resources. Exploits may be used together: a system that is compromised might then be hit with a privilege elevation such as the one in MS13-046. Microsoft's EMET 4.0 (Enhanced Mitigation Experience Toolkit) was due to be released today but it has been delayed a couple of weeks. Toolkits like this should help to at least slow the bad guys down.

On MS13-041, Microsoft explains that a victim would have to accept an incoming Lync chat invitation and then agree to view a shared program or shared content presented by the attacker. This puts systems with affected editions of Lync or Communicator installed at risk.

MS13-042 reveals many vulnerabilities in Publisher. MS13-043 shows multiple vulnerabilities in Office Word and MS13-044 reports a vulnerability in Office Visio.

Windows Essentials is a free download that contains Writer. Essentials 2011 has no patch but Essentials 2012 does (MS13-045), so if you have Essentials 2011, upgrading to 2012 is the way to go. It seems this software would be installed mostly on workstations.


 

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS13-045 (2813707) | Information disclosure / Writer | Workstations | No/No | No | Important | Essentials 2011, Essentials 2012 | | Patch after testing |
| MS13-039 (2829254) | Denial of service / HTTP.sys | Servers | No/No | No | Important | Windows 8, Server 2012, Windows RT | Restart Req'd | Patch after testing |
| MS13-037 (2829530) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | Cumulative Update; Restart Req'd | Patch after testing |
| MS13-042 (2830397) | Arbitrary code / Publisher | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Office 2007, Office 2010 | Multiple vulnerabilities | Patch after testing |
| MS13-043 (2830399) | Arbitrary code / Office Word | Workstations, Terminal Servers | No/No | No | Important | Office 2003, Word Viewer | Multiple vulnerabilities | Patch after testing |
| MS13-044 (2834692) | Information disclosure / Visio | Workstations, Terminal Servers | No/No | No | Important | Visio 2003, Visio 2007, Visio 2010 | | Patch after testing |
| MS13-041 (2834695) | Arbitrary code / Lync | Workstations, Servers | No/No | No | Important | Lync 2010, Communicator 2007 R2 | Check bulletin for affected systems | Patch after testing |
| MS13-040 (2836440) | Spoofing / .Net Framework | Workstations, Servers | Yes/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT | | Patch after testing |
| MS13-046 (2840221) | Privilege elevation / Windows kernel mode drivers | Workstations, Terminal Servers | No/No | No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT | Multiple vulnerabilities; Restart Req'd | Patch after testing |
| MS13-038 (2847204) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | Yes/Yes | Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Apply Workaround; Patch after testing |
