English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

February 2013 Microsoft Security Bulletins - Volume is High but a Handful are Critical

0.4
 

Today's February Microsoft Security Bulletin release patches a long list of vulnerabilities. However, only a subset of these vulnerabilities are critical. Four of them effect client side software and one effect server side - Internet Explorer, DirectShow media processing components (using web browsers or Office software as a vector of delivery), OLE automation components (APT related spearphish), and one effecting the specially licensed "Oracle Outside In" components hosted by Microsoft Exchange that could be used to attack OWA users. These critical vulnerabilities all potentially enable remote code execution, as does the Sharepoint server related Bulletin rated "important" this month. The other vulnerabilities enable Elevation of Privilege and Denial of Service attacks. Several of the vulnerabilities have been publicly disclosed, and at least one is known to be publicly exploited. A large number of the CVE being patched are in the kernel code, so this month most everyone should expect to manage a reboot.

The long list of CVE patched by MS-13-016 all address race conditions that were privately reported in win32k.sys, which all enable non-trivial EoP attacks. This lessens the severity of the issue, as evidenced by the recent RDP vulnerability that attracted so much attention at the end of this past year.

So, we should focus immediate efforts on the handful of critical RCE this month.


1 comments

mark117

2013 Mar 24, 01:58
1
 

updates

Hi
I updated with them all that i needed for my system,
good thing keeping your system up to date with the latest patches and fixes...
Thanks for the article too Kurt Baumgartner
Thank You
mark117

Reply    
If you would like to comment on this article you must first
login


Bookmark and Share
Share

Analysis

Blog

Alerts