[SingCERT] Microsoft Security Bulletin Summary for January 2013

Last Updated on Wednesday, 09 January 2013 14:56

[ Summary ]

Microsoft has released 7 security bulletins for the month of January 2013 to address vulnerabilities in Microsoft Windows, Office, Developer Tools, Server Software, and .NET Framework.

MS13-001 and MS13-002 are rated Critical, and MS13-003, MS13-004, MS13-005, MS13-006 and MS13-007 are rated Important, as successful exploitation of these vulnerabilities will allow remote code execution, elevation of privilege or security feature bypass, or cause denial-of-service conditions.

  • MS13-001 Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) - Critical
  • MS13-002 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) - Critical
  • MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) - Important
  • MS13-004 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) - Important
  • MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
  • MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) - Important
  • MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) - Important


[SingCERT] Vulnerabilities in Joomla - Joomla JCE and TinyMCE

Last Updated on Wednesday, 09 January 2013 14:28

[ Background ]

Several cases of defacement have been reported, and SingCERT has been informed that vulnerabilities in Joomla JCE and TinyMCE were found to have caused the defacements.


[SingCERT] Microsoft Windows Includes Some Invalid TURKTRUST Certificates

[ Summary ]

A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof sites.

The operating system includes some invalid certificates. The vulnerability is due to the invalid certificates and not the operating system itself.

TURKTRUST Inc. incorrectly created two subsidiary certificate authorities (CAs) ('*.EGO.GOV.TR' and 'e-islem.kktcmerkezbankasi.org') as end-entity certificates and without CRL or OCSP extensions. The '*.EGO.GOV.TR' subsidiary CA was then used to issue a fraudulent digital certificate for '*.google.com'.

A fraudulent digital certificate has been actively used in attacks against several Google web domains.

Windows Phone 8 is also affected.
