The Latest in IT Security

February 2013 Patch Tuesday: 12 Security Bulletins for 57 Vulnerabilities

13
Feb
2013

This February, Microsoft released 12 security bulletins addressing 57 vulnerabilities. Out of the security updates, 5 are tagged Critical and the rest rated as Important.

One of the notable advisories for this round is (MS13-009) Cumulative Security Update for Internet Explorer (2792100), which covers the vulnerabilities in Internet Explorer. Accordingly, these vulnerabilities,  affecting all versions of IE, (which include the latest version: IE 10 on Windows 8 and Windows RT) could lead to remote code execution. Another notable Critical-rate updates are (MS13-011) and (MS13-012), which affect Microsoft Exchange and Microsoft Windows and can also lead to remote code execution thus compromising the security of the system.

Users should immediately apply patches, whenever possible, for these vulnerabilities. Trend Micro Deep Security and Office Scan with Intrusion Defense Firewall (IDF) plugin users are protected from any attacks that may leverage these vulnerabilities. For more information on the bulletins and their IDF rules, visit the Threat Encyclopedia Page.

Update as of February 12, 10:06 PM, PST

Trend Micro Deep Security has released the following DPI rules to address the vulnerabilities in Internet Explorer included in MS13-09:

  • 1005364 Internet Explorer Shift JIS Character Encoding Vulnerability (CVE-2013-0015)
  • 1005365 Microsoft Internet Explorer SetCapture Use After Free Vulnerability (CVE-2013-0018)
  • 1005366 Microsoft Internet Explorer COMWindowProxy Use After Free Vulnerability (CVE-2013-0019)
  • 1005367 Microsoft Internet Explorer CMarkup Use After Free Vulnerability (CVE-2013-0020)
  • 1005368 Microsoft Internet Explorer vtable Use After Free Vulnerability (CVE-2013-0021)
  • 1005369 Microsoft Internet Explorer LsGetTrailInfo Use After Free Vulnerability (CVE-2013-0022)
  • 1005370 Internet Explorer CDispNode Use After Free Vulnerability (CVE-2013-0023)
  • 1005371 Internet Explorer pasteHTML Use After Free Vulnerability (CVE-2013-0024)
  • 1005372 Internet Explorer SLayoutRun Use After Free Vulnerability (CVE-2013-0025)
  • 1005373 Internet Explorer InsertElement Use After Free Vulnerability (CVE-2013-0026)
  • 1005374 Internet Explorer CPasteCommand Use After Free Vulnerability (CVE-2013-0027)
  • 1005375 Internet Explorer CObjectElement Use After Free Vulnerability (CVE-2013-0028)
  • 1005376 Internet Explorer CHTML Use After Free Vulnerability (CVE-2013-0029)

Users are also encouraged to apply the following DPI rules:

Microsoft Bulletin Identifier Rule Name
MS13-010 CVE-2013-0030 VML Memory Corruption Vulnerability (CVE-2013-0030)
MS13-015 1005384 Identified Download Of XBAP File Over HTTP
MS13-020 1005382 Microsoft Office Common Controls Remote Code Execution Vulnerability (CVE-2013-1313)
MS13-020 1005381 Common Controls Remote Code Execution Vulnerability (CVE-2013-1313)
MS13-020 CVE-2013-1313 Restrict Microsoft Windows TabStrip ActiveX Control**

 

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments