March 2013 - Microsoft Releases 7 Security Advisories

  Severity: CRITICAL
  Advisory Date: MAR 12, 2013

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its March batch of patches:

  • (MS13-021) Cumulative Security Update for Internet Explorer (2809289)
    Risk Rating: Critical

    This patch addresses several vulnerabilities found in Internet Explorer. When exploited, these vulnerabilities could allow remote code execution via a specially crafted webpage, compromising the security of the affected systems.

  • (MS13-022) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
    Risk Rating: Critical

    This patch addresses a vulnerability found in Microsoft Silverlight. It can allow remote code execution when exploited via a specially crafted Silverlight application hosted on a website.

  • (MS13-023) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
    Risk Rating: Critical

    This patch addresses a vulnerability found in Microsoft Office. It can be exploited once a user opens a specially crafted Visio file, resulting in remote code execution and compromising the security of the affected systems.

  • (MS13-024) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
    Risk Rating: Critical

    This patch addresses vulnerabilities found in Microsoft SharePoint and Microsoft SharePoint Foundation. When exploited via a malicious URL pointing to a SharePoint site, they can allow elevation of privilege.

  • (MS13-025) Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft OneNote. A remote attacker can abuse this vulnerability by luring users into opening a specially crafted OneNote file, leading to information disclosure.

  • (MS13-026) Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
    Risk Rating: Important

    This patch addresses a vulnerability in Microsoft Office for Mac. When exploited via a specially crafted email message, it can allow information disclosure.

  • (MS13-027) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
    Risk Rating: Important

    This patch addresses vulnerabilities found in Microsoft Windows. When exploited, these vulnerabilities can allow elevation of privilege once an attacker gains access to an affected system, compromising its security.

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with the Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
|---|---|---|---|---|---|
| MS13-021 | CVE-2013-0087 | 1005411 | Microsoft Internet Explorer OnResize Use After Free Vulnerability (CVE-2013-0087) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0088 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0089 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0090 | 1005415 | Microsoft Internet Explorer CCaret Use After Free Vulnerability (CVE-2013-0090) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0091 | 1005416 | Internet Explorer CElement Use After Free Vulnerability (CVE-2013-0091) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0092 | 1005414 | Internet Explorer GetMarkupPtr Use After Free Vulnerability (CVE-2013-0092) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0093 | 1005412 | Internet Explorer onBeforeCopy Use After Free Vulnerability (CVE-2013-0093) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-0094 | 1005418 | Microsoft Internet Explorer 'removeChild' Use After Free Vulnerability (CVE-2013-0094) | 12-Mar-13 | YES |
| MS13-021 | CVE-2013-1288 | 1005421 | Internet Explorer CTreeNode Use After Free Vulnerability (CVE-2013-1288) | 12-Mar-13 | YES |
| MS13-022 | CVE-2013-0074 | 1005013 | Identified Suspicious Upload Of Microsoft .Net Executable | 12-Jun-12 | YES |
| MS13-023 | CVE-2013-0079 | 1005419 | Microsoft Visio Viewer Tree Object Type Confusion Vulnerability (CVE-2013-0079) | 12-Mar-13 | YES |
| MS13-024 | CVE-2013-0080 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES |
| MS13-024 | CVE-2013-0083 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES |
| MS13-024 | CVE-2013-0084 | 1005417 | Microsoft SharePoint Directory Traversal Vulnerability (CVE-2013-0084) | 12-Mar-13 | YES |
| MS13-025 | CVE-2013-0086 | 1005420 | Microsoft OneNote Buffer Size Validation Vulnerability (CVE-2013-0086) | 12-Mar-13 | YES |