
It's Microsoft Patch Tuesday: April 2013

Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's April 2013 patches in your organization.

They say April showers bring May flowers and on the Microsoft security front, "shower" is an apt description. This month's patch load is more than a light sprinkling but less than a deluge; the company today released nine new security bulletins. Only two are rated as critical, with the rest marked important. Most affect Windows, with one that impacts IE, a couple which hit Office and Microsoft server software, and one that's aimed at Microsoft security software.

In recent months we've seen a large number of non-security updates, but that's scaled back considerably this time.

This blog post is also available in PDF format as a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

Whereas in March, Microsoft Office was the primary focus of the patches, with only two that affected Windows itself, this month that situation has been reversed. As with last month, though, we start out with a critical cumulative patch for IE.

MS13-028/KB2817183 - Cumulative Security Update for Internet Explorer

(IE 6, 7, 8, 9 and 10). This update addresses two vulnerabilities in IE that relate to the way IE handles objects in memory. An exploit could allow an attacker to remotely execute code on the computer, but only if the user visits a specially crafted web page. It's rated critical on client operating systems and moderate on servers. All supported operating systems with a graphical interface and IE installed are affected. Server Core installations are not affected. This update will require you to restart the system after installation.

MS13-029/KB2828223 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution

(Remote Desktop Connection client versions 6.1 and 7.0). This update addresses one vulnerability in the Windows Remote Desktop Connection (RDC) client that pertains to the way RDC handles objects in memory, which could allow remote code execution if the user visits a specially crafted web page. It is rated critical for RDC running on client operating systems and moderate when running on servers. RDC version 8 (on Windows 7 SP1, Windows 8, Windows RT and Server 2012) is not affected, nor is RDC 6.1 when running on Windows Server 2003 SP2 on Itanium systems. Server Core installations don't run the RDC client and thus are not affected. This update may require you to restart the system after installation.

MS13-030/KB2827663 - Vulnerability in SharePoint Could Allow Information Disclosure

(SharePoint Server 2013). This update addresses a vulnerability in SharePoint Server 2013 pertaining to the default access controls, which has been publicly disclosed. If an attacker is able to get access to the SharePoint site where a specific SharePoint list is maintained (which would require the attacker to be able to authenticate to the SharePoint site), it could result in the disclosure of information. Only SharePoint 2013 is affected; other versions of SharePoint Server, SharePoint Portal Server and SharePoint Services are not affected. This update may require you to restart the system after installation.

MS13-031/KB2813170 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege

(All supported versions of Windows XP, Vista, 7, 8, and RT, and all supported versions of Windows Server 2003, 2008/2008 R2, and 2012, including Server Core installations). This update addresses two vulnerabilities in the way the Windows kernel handles objects in memory, which could allow an attacker to gain elevated privileges by logging on locally with valid logon credentials and running a specially crafted application. This update may require you to restart the system after installation.

MS13-032/KB2830914 - Vulnerability in Active Directory Could Lead to Denial of Service

(Active Directory, ADAM, Active Directory LDS, Active Directory Services). This update addresses a vulnerability in the Windows Active Directory service that an attacker could exploit by sending a specially crafted query to LDAP, resulting in a denial of service. This affects all supported Windows client and server operating systems except Windows Server 2008/2008 R2 for Itanium-based systems and Windows RT. This update requires you to restart the system after installation.

MS13-033/KB2820917 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege

(Windows XP, Vista, Server 2003 and 2008). This update addresses a vulnerability in the way the CSRSS handles objects in memory, which affects the currently supported versions of the Windows operating system prior to Windows 7/Server 2008 R2. Windows 7 and 8 and Server 2008 R2 and 2012 are not affected, nor is Windows RT. Server Core installations are not affected. The vulnerability can be used by an attacker to gain elevated privileges if the attacker is able to log on locally with valid logon credentials. This update requires you to restart the system after installation.

MS13-034/KB2823482 - Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege

(Windows Defender for Windows 8 and RT). This update addresses a vulnerability in the Microsoft Antimalware Client pertaining to the pathnames used by the Antimalware Client. An attacker who has valid logon credentials can gain elevated privileges and run code, install programs, view/change/delete data, create new accounts and otherwise fully control the system. Windows Defender for Windows XP, Vista and 7, and for Windows Server 2003 and 2008/2008 R2 are not affected. This update requires you to restart the system after installation.

MS13-035/KB2821818 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege

(Microsoft InfoPath 2010 SP1, SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, Microsoft Office Web Apps 2010 SP1). This update addresses a vulnerability in the listed versions of Microsoft Office and Server software that could be used by an attacker to gain elevated privileges by sending a specially crafted Office file to a user. This update may require you to restart the system after installation.

MS13-036/KB2829996 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege

(All supported versions of Windows XP, Vista, 7, 8 and RT, and all supported versions of Windows Server 2003, 2008/2008 R2, and 2012, including Server Core installations). This update addresses four different vulnerabilities in the way the Windows kernel-mode driver handles objects in memory, one of which has been publicly disclosed. An attacker could gain elevated privileges by logging on locally with valid credentials and running a specially crafted application. This update requires you to restart the system after installation.
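Once the bulletins above have been pushed out, a quick way to confirm they actually landed on a given Windows host is to compare the KB numbers listed in this post against what Get-HotFix reports. The script below is an added example, not part of the original post; it assumes Get-HotFix (Win32_QuickFixEngineering) is available, which is why the Office and SharePoint bulletins (MS13-030, MS13-035), serviced by the Office installer rather than Windows Update's component store, are left out.

```powershell
# Added example (not from the original post): report which of the
# April 2013 Windows security bulletins are installed on this host.
# Assumption: the update shows up in Get-HotFix under the KB number
# given in the bulletin; Office/SharePoint updates do not, so they
# are omitted here.
$bulletins = @{
    'MS13-028' = 'KB2817183'   # Cumulative update for Internet Explorer
    'MS13-029' = 'KB2828223'   # Remote Desktop Client RCE
    'MS13-031' = 'KB2813170'   # Windows kernel EoP
    'MS13-032' = 'KB2830914'   # Active Directory LDAP DoS
    'MS13-033' = 'KB2820917'   # CSRSS EoP (XP/Vista/2003/2008 only)
    'MS13-034' = 'KB2823482'   # Windows Defender EoP (Windows 8/RT only)
    'MS13-036' = 'KB2829996'   # Kernel-mode driver EoP
}

# HotFixID values come back as strings such as "KB2817183".
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

foreach ($b in $bulletins.GetEnumerator() | Sort-Object Name) {
    $status = if ($installed -contains $b.Value) { 'installed' } else { 'MISSING' }
    '{0}  {1}  {2}' -f $b.Name, $b.Value, $status
}
```

A MISSING line is only a finding where the bulletin applies to that operating system; for example MS13-033 will never appear on Windows 7, and MS13-034 only applies to Windows 8 and RT.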

Other Updates/Releases

There were only six non-security updates released today, including the regular monthly update for the Malicious Software Removal Tool (MSRT).

KB2533552 - Update to prevent "0xC0000034" error

(Windows 7 SP1, Windows Server 2008 R2 SP1). This update fixes an issue pertaining to a stop error message after a restart, after installation of Windows 7 SP1 or Windows 2008 R2 SP1.

KB2799926 - USB storage device can't be mounted or recognized

(Windows 7, Windows Server 2008 R2). This update fixes a problem where the computer won't recognize or mount a USB drive with BitLocker drive encryption enabled due to a dirty shutdown, power failure or hard restart.

KB2800033 - Can't restore Windows

(Windows 8, Windows RT, Server 2012). This update addresses a problem caused by a corrupted SYSTEM registry key in an offline image, which causes you to be unable to restore the OS using the "Refresh your PC" option in the Windows Recovery Environment.

KB2822241 - Windows 8 and Server 2012 Cumulative Update

(All editions of Windows 8, Windows Server 2012). This update fixes a number of performance and reliability issues that were addressed by fifteen separate updates issued previously, along with fixes for three new issues: one pertaining to quality degradation when streaming video to Xbox 360 consoles, one pertaining to a stop error when downloading Windows Store apps, and one pertaining to failure of multi-scan JPEG file decoding.

KB283180 - Update for Windows Management Framework 3.0

(Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2). This update fixes a number of reliability and serviceability issues in WMF 3.0 on the listed operating systems.

KB890830 - Windows Malicious Software Removal Tool April 2013

(Windows XP, Vista, 7 and 8, Windows Server 2003, 2008, 2008 R2, 2012, Internet Explorer). This is the regular monthly update of malware definitions for the MSRT.

Updates since the last Patch Tuesday

There have been only a couple of new or changed non-security updates released since March 12:

KB2607607 - Language Packs for Windows RT

(Windows RT). New language packs for Windows RT include 27 languages.

KB2718695 - Internet Explorer 10 for Windows 7 and Windows Server 2008

(Windows 7 SP1, Windows Server 2008). Internet Explorer 10, the latest version of Microsoft's web browser that comes with Windows 8 and Server 2012, was released for Windows 7 and Server 2008. It provides a faster, more reliable and more secure browsing experience.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

12 comments
George in Providence

Since applying the latest round of Microsoft patches on the 11th, every time my Win 7 Pro 64-bit workstations restart, they want to do a disk check, and the system log registers an error event ID 55, source NTFS, “The file system structure on the disk is corrupt and unuseable???” If the user allows the disk check to happen, it takes maybe five minutes, then the OS finishes loading and everything seems fine. If the user elects to skip the disk check, the same thing happens--OS loads, everything groovy. Either way, the next restart again calls for the disk check. I tried running a full chkdsk /R on one system, but that did not clear the need for a disk check either. This began with the first restart after installing the updates a couple days ago, and affects all or nearly all my Win 7 systems. Has anyone else seen this? Any ideas on which update caused it or how to get rid of this seemingly frivolous disk check on every boot?

dentalcrafters

It causes the continual rebooting issue and also conflicts with Kaspersky, causing it to display a licensing issue. They have posted a blog post on the Microsoft Security Response Center and have removed the update from the list; they will be putting out a patch for their patch...

perlman

Don't know if it is worldwide, but Brazilian W7 32 is not booting after April patches.

lwetzel

I noticed on my Surface Pro there was a firmware update also. I have had no problems on any of my machines.

gfo99

IE 10 will not run, any suggestions?

wmstrome

After doing the Windows Update with these patches (Windows Vista), Windows could not start. I had to do a repair, which meant rolling the system back to the restore point prior to the update. I do not know which of the patches caused the problem.

Mark W. Kaelin

Is the Microsoft patch giving you trouble this month? Maybe your peers can help - describe the problems you are having.

dentalcrafters

Did you try removing update 2823324? It really caused a lot of havoc in our network. Once I deleted it all was good.

Who Am I Really

That's what happens with bulk installing: when one or more updates bombs the system, you're stuck with starting the whole lot over again because you don't know which update(s) bombed the system. Change Windows Update from automatic to "download updates for me but let me choose whether to install them", then install each update individually.

George in Providence

Thanks for the suggestion--that was it. I did find that I had to allow the disk check to run one last time after uninstalling the bad update before the disk checks finally stopped.
