Internet Security Systems - AlertCon(TM)

February 2013 Super Tuesday Update

Posted by YongChuan Koh on February 12, 2013 at 3:42 PM EST.

The Microsoft security update for February is huge: there are five 'Critical' and seven 'Important' bulletins covering 57 CVEs. Among these, KB2792100 (Critical, Internet Explorer) addresses 13 CVEs and KB2778344 (Important, Windows Kernel-Mode Drivers) addresses 30 CVEs. It seems that these two components remain attractive targets for attackers. There are two bulletins for IE: one for DOM parsing and the other for VML.

Here is a summary of the critical updates, which I feel should be applied to affected systems immediately.

  • MS13-009 (KB2792100) Cumulative Security Update for Internet Explorer
    The majority of the 13 CVEs covered in this bulletin are use-after-free vulnerabilities leading to remote code execution, and they affect IE 6-10. This update should be applied to all systems immediately. As a second line of defense, users are also encouraged to use browsers with sandboxing capabilities to limit the impact.

  • MS13-010 (KB2797052) Vulnerability in Vector Markup Language Could Allow Remote Code Execution
    The single vulnerability in this bulletin exists in the way IE handles VML objects, leading to memory corruption. This affects IE 6-10. Users have to be persuaded to visit a malicious webpage. This update should be applied to all systems immediately.

  • MS13-011 (KB2780091) Vulnerability in Media Decompression Could Allow Remote Code Execution
    This bulletin addresses a single publicly reported vulnerability in the decompression of media content in Microsoft DirectShow. The media content could be either a crafted media file (e.g., .MPG) or streaming content. Attackers could also embed such malicious files in Office documents and web pages to reach more victims. This update should be applied immediately.

  • MS13-012 (KB2809279) Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
    This bulletin addresses two publicly disclosed vulnerabilities, with the more severe allowing remote code execution in Microsoft Exchange Server. These vulnerabilities are due to the Outlook Web App's (OWA) WebReady Document Viewing feature, which uses Oracle's Outside-In technology to render some types of file formats. This update should be applied immediately.

  • MS13-020 (KB2802968) Vulnerability in OLE Automation Could Allow Remote Code Execution
    This bulletin addresses a single privately reported vulnerability in OLE Automation affecting only Windows XP SP3. However, this can be embedded in Office documents, WordPad documents and web pages, so users should still be cautious and apply this update immediately.
