|
|
|
Severity Rating: Important
Revision Note: V1.2 (June 18, 2013): Bulletin revised to announce a detection change in the security update for 2839229 to address the known issue documented in Microsoft Knowledge Base Article 2839229. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45377 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (June 12, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45338 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves nineteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45329 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Windows Kernel. The vulnerability could allow information disclosure if an attacker logs on to a system and runs a specially crafted application or convinces a local, logged-in user to run a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45328 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends specially crafted packets to the server. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter.
|
|
|
Full View / NID: 45327 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013) Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege when an authenticated attacker deletes a printer connection. An attacker must have valid logon credentials and be able to log on to exploit this vulnerability.
|
|
|
Full View / NID: 45326 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (June 11, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the email reader. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45325 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (May 29, 2013): Corrected update replacement entries in the Affected Software table for x64-based editions of Windows Server 2008 R2. This is a bulletin change only. There were no changes to detection logic or security update files.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote attacker sends a specially crafted session request to the Kerberos server.
|
|
|
Full View / NID: 45250 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (May 29, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45249 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (May 29, 2013): Added a Non-Applicable Software table to identify platforms on which the .NET Framework is not installable.
Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in the .NET Framework. The more severe of the vulnerabilities could allow spoofing if a .NET application receives a specially crafted XML file. An attacker who successfully exploited the vulnerabilities could modify the contents of an XML file without invalidating the file's signature and could gain access to endpoint functions as if they were an authenticated user.
|
|
|
Full View / NID: 45248 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (May 23, 2013): Revised bulletin to announce a detection change for the Microsoft Visio 2010 (2810068) update. This is a detection change only. There were no changes to the update files. Customers who have successfully installed the update do not need to take any action.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45203 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (May 22, 2013): Added a link to Microsoft Knowledge Base Article 2758857 under Known Issues in the Executive Summary.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45192 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V1.1 (May 22, 2013): Corrected the Common Vulnerabilities and Exposures number for CVE-2013-3140. This is an informational change only.
Summary: This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45191 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.1 (May 15, 2013): Corrected link to the download location in the Detection and Deployment Tools and Guidance section. This is an informational change only.
Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
|
|
|
Full View / NID: 45109 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves eleven privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user open a specially crafted Publisher file with an affected version of Microsoft Publisher. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45097 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 45096 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user opens a specially crafted Visio file. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise an affected system.
|
|
|
Full View / NID: 45095 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Windows Writer. The vulnerability could allow information disclosure if a user opens Writer using a specially crafted URL. An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. In a web-based attack scenario, a website could contain a specially crafted link that is used to exploit this vulnerability. An attacker would have to convince users to visit the website and open the specially crafted link.
|
|
|
Full View / NID: 45094 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Important
Revision Note: V1.0 (May 14, 2013): Bulletin published.
Summary: This security update resolves three reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs onto the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
|
|
|
Full View / NID: 45093 / Submitted by: The Zilla of Zuron
|
|
|
Severity Rating: Critical
Revision Note: V4.2 (April 26, 2013): Corrected update replacement. This is an informational change only. There were no changes to the security update files or detection logic.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
|
|
|
Full View / NID: 44983 / Submitted by: The Zilla of Zuron
|
|
; void('');){kind=link}
