[ Summary ]
Microsoft has released 9 security bulletins for the month of April 2013 to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software.
These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, or information disclosure.
MS13-028 and MS13-029 are rated Critical because successful exploitation of these vulnerabilities will allow remote code execution.
For MS13-028, a remote user can create specially crafted HTML that, when loaded by the target user, will trigger a use-after-free memory error and execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
For MS13-029, a remote user can create specially crafted HTML that, when loaded by the target user, will exploit an object memory access flaw in an ActiveX control to execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
· MS13-028 Cumulative Security Update for Internet Explorer (2817183)
· MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
· MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
· MS13-031 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
· MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
· MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
· MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
· MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
· MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
Read more: [SingCERT] Microsoft Security Bulletin Summary for April 2013
[ Summary ]
Adobe has released security updates for Adobe Flash Player to address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
An integer overflow may occur [CVE-2013-0646].
A use-after-free may occur [CVE-2013-0650].
A memory corruption error may occur [CVE-2013-1371].
A heap buffer overflow may occur [CVE-2013-1375].
Last Updated on Wednesday, 13 March 2013 16:08
[ Summary ]
Microsoft has released 7 security bulletins for the month of March 2013 to address vulnerabilities in Microsoft Windows Silverlight, Visio Viewer 2010, Microsoft SharePoint, Microsoft OneNote, Office Outlook for Mac, Kernel-Mode Drivers, and cumulative security updates for Internet Explorer.
These vulnerabilities could allow an attacker to execute arbitrary code remotely, operate with elevated privileges, or disclose sensitive information.
MS13-021, MS13-022, MS13-023, and MS13-024 are rated Critical because successful exploitation of these vulnerabilities will allow remote code execution. MS13-021 – Internet Explorer CTreeNode Use After Free Vulnerability [CVE-2013-1288] has been publicly disclosed.
Read more: [SingCERT] Microsoft Security Bulletin Summary for March 2013