MSRC

2013

Assessing risk for the February 2013 security updates

Tuesday, February 12, 2013

Today we released twelve security bulletins addressing 57 CVEs. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Bulletin | Most likely attack vector | Max Bulletin Severity | Max Exploitability rating | Likely first 30 days impact | Platform mitigations and key notes
MS13-010 (VML) | Victim browses to a malicious webpage.

Baseball, Bulletins and the February 2013 Release

Tuesday, February 12, 2013

Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am very passionate about, and those who know me know how much I love baseball.

EMET 3.0 support is now available for enterprise customers

Tuesday, February 12, 2013

We are pleased to announce that as of today customers with access to Microsoft Services Premier and Professional Support can receive EMET-related technical assistance. This is an important step for us to better support professional and enterprise customers and answer questions related to EMET deployment, configuration, and troubleshooting. The support will be fee-based.

MS13-018: Hard to let go

Tuesday, February 12, 2013

MS13-018 addresses a potential denial-of-service condition in the Windows TCP/IP stack. This vulnerability could be leveraged by an attacker in certain circumstances to exhaust a server’s nonpaged pool, preventing it from making new TCP connections. The vulnerability is as follows: A Windows victim machine has a TCP/IP connection in an ESTABLISHED state to a remote attacker machine, and the Windows victim machine (not the attacker machine) sends a FIN packet to the remote attacker machine to initiate the connection teardown sequence, as outlined in RFC 793.

Advance Notification Service for the February 2013 Security Bulletin Release

Thursday, February 07, 2013

We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .

Security Advisory 2755801 revised to address Adobe Flash Player issues (Feb. 7, 2013)

Thursday, February 07, 2013

Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8. This revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically.