|
|
|
Severity Rating: Important
Revision Note: V1.1 (May 15, 2013): Corrected link to the download location in the Detection and Deployment Tools and Guidance section. This is an informational change only.
Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
|
|
|
Full View / NID: 45109 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user open a specially crafted Publisher file with an affected version of Microsoft Publisher. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45097 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45096 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45095 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
|
|
|
Full View / NID: 45094 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves three reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
|
|
|
Full View / NID: 45093 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V4.2 (April 26, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
|
|
|
Full View / NID: 44983 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (April 24, 2013): Added CVE-2013-1338 as a vulnerability addressed by this update. In addition, corrected update replacement and clarified why this update replaces MS13-010. These are informational changes only.
Summary: This security update resolves two privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 44976 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (April 24, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.
|
|
|
Full View / NID: 44975 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V3.1 (April 24, 2013): Corrected KB article hyperlink and incorrect KB numbers for Windows 7 for x64-based Systems and Windows Server 2008 R2 for Itanium-based Systems in the Affected Software table. These are bulletin changes only.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
|
|
|
Full View / NID: 44974 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ for details.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
|
|
|
Full View / NID: 44967 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V2.1 (April 17, 2013): Added FAQs to provide additional guidance for customers who are having difficulties restarting their systems after installing security update 2823324. See the Update FAQ for details.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
|
|
|
Full View / NID: 44942 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (April 16, 2013): Bulletin revised to announce a detection change in the 2781197 package to correct a reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
|
|
|
Full View / NID: 44932 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update See the Update FAQ for details.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
|
|
|
Full View / NID: 44908 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (April 10, 2013): Corrected the version number for Remote Desktop Connection Client on Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 from 7.0 to 7.1. This is an informational change only. There were no changes to security update files.
Summary: This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 44901 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.
|
|
|
Full View / NID: 44894 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in all supported editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
|
|
|
Full View / NID: 44893 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
|
|
|
Full View / NID: 44892 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
|
|
|
Full View / NID: 44891 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (April 9, 2013): Bulletin published.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerabilities.
|
|
|
Full View / NID: 44890 / Submitted by: The Zilla of Zuron
|
|
; void('');){kind=link}
