March 2013 - Microsoft Releases 7 Security Advisories
DESCRIPTION
Microsoft addresses the following vulnerabilities in its March batch of patches:
- (MS13-021) Cumulative Security Update for Internet Explorer (2809289)
Risk Rating: Critical
This patch addresses several vulnerabilities found in Internet Explorer. The said vulnerabilities when exploited could allow remote code execution via a specially crafted webpage thus compromising the security of the affected systems. Read more here.
- (MS13-022) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft Silverlight. It can allow remote code execution when exploited via a specially crafted Silverlight application hosted on websites. Read more here.
- (MS13-023) Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
Risk Rating: Critical
This patch addresses a vulnerability found in Microsoft Office. It can be exploited once a user opens a specially crafted Visio file thus resulting to remote code execution, compromising the security of the systems. Read more here.
- (MS13-024) Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
Risk Rating: Critical
This patch addresses vulnerabilities found in Microsoft SharePoint and Microsoft SharePoint Foundation. When exploited via a malicious URL pointing to a SharePoint site, it can allow elevation of privilege. Read more here.
- (MS13-025) Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
Risk Rating: Important
This patch addresses a vulnerability existing in Microsoft OneNote. A remote attacker can abused this vulnerability when they lure users into opening a specially crafted OneNote file thus leading to information disclosure. Read more here.
- (MS13-026) Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
Risk Rating: Important
This patch addresses a vulnerability existing Microsoft Office for Mac. When exploited via a specially crafted email message it can allow information disclosure. Read more here.
- (MS13-027) Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
Risk Rating: Important
This patch addresses the vulnerabilities found in Microsoft Windows. These vulnerabilities when exploited can allow elevation of privilege once attacker gains access to an affected system thus compromising its security. Read more here.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
| MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
| MS13-021 | CVE-2013-0087 | 1005411 | Microsoft Internet Explorer OnResize Use After Free Vulnerability (CVE-2013-0087) | 12-Mar-13 | YES |
| CVE-2013-0088 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES | |
| CVE-2013-0089 | 1005413 | Microsoft Internet Explorer 'saveHistory' Use After Free Vulnerability | 12-Mar-13 | YES | |
| CVE-2013-0090 | 1005415 | Microsoft Internet Explorer CCaret Use After Free Vulnerability (CVE-2013-0090) | 12-Mar-13 | YES | |
| CVE-2013-0091 | 1005416 | Internet Explorer CElement Use After Free Vulnerability (CVE-2013-0091) | 12-Mar-13 | YES | |
| CVE-2013-0092 | 1005414 | Internet Explorer GetMarkupPtr Use After Free Vulnerability (CVE-2013-0092) | 12-Mar-13 | YES | |
| CVE-2013-0093 | 1005412 | Internet Explorer onBeforeCopy Use After Free Vulnerability (CVE-2013-0093) | 12-Mar-13 | YES | |
| CVE-2013-0094 | 1005418 | Microsoft Internet Explorer 'removeChild' Use After Free Vulnerability (CVE-2013-0094) | 12-Mar-13 | YES | |
| CVE-2013-1288 | 1005421 | Internet Explorer CTreeNode Use After Free Vulnerability (CVE-2013-1288) | 12-Mar-13 | YES | |
| MS13-022 | CVE-2013-0074 | 1005013 | Identified Suspicious Upload Of Microsoft .Net Executable | 12-Jun-12 | YES |
| MS13-023 | CVE-2013-0079 | 1005419 | Microsoft Visio Viewer Tree Object Type Confusion Vulnerability (CVE-2013-0079) | 12-Mar-13 | YES |
| MS13-024 | CVE-2013-0080 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES |
| CVE-2013-0083 | 1000552 | Generic Cross Site Scripting(XSS) Prevention | 18-Jul-06 | YES | |
| CVE-2013-0084 | 1005417 | Microsoft SharePoint Directory Traversal Vulnerability (CVE-2013-0084) | 12-Mar-13 | YES | |
| MS13-025 | CVE-2013-0086 | 1005420 | Microsoft OneNote Buffer Size Validation Vulnerability (CVE-2013-0086) | 12-Mar-13 | YES |