It's Microsoft Patch Tuesday: February 2013

Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's February 2013 patches in your organization.

February is the month of hearts and flowers, but most IT admins don't have "a whole lotta love" for the patching process - especially when there is a big slate of critical and important updates that need to be applied ASAP because of vulnerabilities that can allow remote code execution and elevation of privilege.

We had a couple of moderate Patch Tuesdays (seven security updates each) to end the old year and begin the new one. However, this month brings us eleven - just in time to threaten some admins with the prospect of working overtime and missing that special Valentine's Day dinner. Let's hope there are a lot of forgiving spouses and significant others out there.

This blog post is also available in PDF format in a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

Most of this month's updates affect various versions of Windows itself, with a few impacting IE, Office, the .NET Framework, and Microsoft Server software.

MS13-009/KB 2792100 - Cumulative Security Update for Internet Explorer. (Supported versions of Windows XP, Vista, 7, 8 and RT, and Windows Server 2003, 2008/2008 R2 and 2012). This update addresses a whopping thirteen vulnerabilities in Internet Explorer 6, 7, 8, 9 and 10 that could allow an attacker to remotely execute code if a user visits a malicious web page. It's rated critical for IE running on Windows client operating systems and moderate for IE running on Windows server operating systems. Server core installations are not affected, but the IE 10 preview release for Windows 7 is. This update requires you to restart the system.

MS13-010/KB 2797052 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution. (Supported versions of Windows XP, Vista, 7, 8 and RT, and Windows Server 2003, 2008/2008 R2 and 2012). This update addresses one vulnerability in the Vector Markup Language (VML) that could allow an attacker to remotely execute code if a user visits a malicious web page. It's rated critical for IE running on both Windows client and server operating systems. Server core installations are not affected, but the IE 10 preview release for Windows 7 is. This update requires you to restart the system.

MS13-011/KB 2780091 - Vulnerability in Media Decompression Could Allow Remote Code Execution. (Supported versions of Windows XP, Vista, Server 2003 and Server 2008). This update addresses one vulnerability that could allow an attacker to remotely execute code if the user opens a malicious media file, or an Office document that contains a malicious embedded media file. It can also be exploited by streaming malicious media content. It's rated critical for both Windows client and server operating systems. Windows 7, 8, and RT clients and Windows Server 2008/2008 R2 and 2012 (including Server core installations) are not affected. This update may require you to restart the system.

MS13-012/KB 2809279 - Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution. (Supported versions of Exchange Server 2007 and 2010). This update addresses multiple vulnerabilities in Microsoft Exchange Server that could allow an attacker to remotely execute code if a user previews a malicious file in Outlook Web Access (OWA). It's rated critical for both affected versions of Exchange. Exchange Server 2003 SP3 is not affected. This update may require you to restart the system.

MS13-013/KB 2784242 - Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution. (Microsoft FAST Search Server 2010 for SharePoint SP 1). This update addresses a vulnerability in Microsoft FAST Search Server 2010 for SharePoint that could allow an attacker to remotely execute code when a user account with a restricted token is logged in. It's rated important. The vulnerability is in the Oracle Outside In libraries, and the Advanced Filter Pack is the affected feature. FAST Search Server 2010 for Internal Applications, for Internet Business and for SharePoint Internet Sites are not affected. This update may require you to restart the system.

MS13-014/KB 2790978 - Vulnerability in NFS Server Could Allow Denial of Service. (Windows Server 2008 R2 and Windows Server 2012, including Server Core installations with NFS role enabled). This update addresses a vulnerability in the listed versions of Windows Server that could allow an attacker to launch a denial of service (DoS) attack by attempting a file operation on a read-only share. It's rated Important but does not affect Windows client operating systems or Windows Server 2003 and 2008 systems, nor does it affect any server on which the NFS role is disabled. This update may require you to restart the system.

MS13-015/KB 2800277 - Vulnerability in .NET Framework Could Allow Elevation of Privilege. (Supported versions of Windows XP, Vista, 7, 8, and Windows Server 2003, 2008/2008 R2 and 2012). This update addresses a vulnerability in the .NET Framework supported versions 2, 3.5, 3.5.1, 4, and 4.5 on the listed operating systems, which could allow an attacker to elevate privileges when a user visits a malicious webpage with a web browser that can run XAML Browser Applications, or possibly to bypass Code Access Security restrictions. It's rated Important. It does not affect supported .NET Framework versions 1.0 SP3, 1.1 SP1, 3.0 SP2, or 3.5 SP1. It also does not affect .NET Framework 4.5 on Windows RT. This update may require you to restart the system.

MS13-016/KB 2778344 - Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege. (Supported versions of Windows XP, Vista, 7, 8 and RT, and Windows Server 2003, 2008/2008 R2 and 2012, including Server Core installations). This update addresses an incredible thirty vulnerabilities in all supported versions of Windows that could allow attackers to elevate privileges by logging onto the system and running a malicious application, due to the way the kernel-mode driver handles objects in memory. It's rated Important, and there is no version of the Windows operating system that is not affected. This update requires you to restart the system.

MS13-017/KB 2799494 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege. (Supported versions of Windows XP, Vista, 7, 8 and RT, and Windows Server 2003, 2008/2008 R2 and 2012, including Server Core installations). This update is similar to the preceding one but addresses three vulnerabilities in the kernel itself that could allow an attacker to elevate privileges by logging onto the system and running a malicious application, due to the way the kernel handles objects in memory. It's rated Important, and there is no version of the Windows operating system that is not affected. This update requires you to restart the system.

MS13-018/KB 2790655 - Vulnerability in TCP/IP Could Allow Denial of Service. (Supported versions of Windows Vista, 7, 8 and RT, and Windows Server 2008/2008 R2 and 2012, including Server Core installations). This update addresses a vulnerability in the listed versions of the Windows operating system that could allow an unauthenticated attacker to create a denial of service (DoS) attack by sending a special connection termination packet. This is made possible by the way the TCP/IP stack in those versions of the OS handles connection termination sequences. It's rated Important for affected versions of Windows Server and Moderate for affected versions of the Windows client operating system. Supported versions of Windows XP and Server 2003 are not affected. This update requires you to restart the system.

MS13-019/KB 2790113 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege. (Windows 7 for 32 bit and 64 bit systems, with and without SP1; all editions of Windows Server 2008 R2, including Server Core installation). This update addresses a vulnerability in the listed versions of the Windows operating system that could allow an attacker with valid logon credentials to elevate privileges by logging onto the system locally and running a malicious application, due to the way the Windows CSRSS handles objects in memory. Windows XP, Vista, Windows 8, and Windows RT are not affected, nor are Windows Server 2003, 2008, and 2012. This update requires you to restart the system.

MS13-020/KB 2802968 - Vulnerability in OLE Automation Could Allow Remote Code Execution. (Windows XP SP3). This update addresses a vulnerability in Object Linking and Embedding (OLE) Automation that could allow an attacker to remotely execute code if a user opens a malicious file. It's rated critical and only affects Windows XP. Windows Vista, 7, 8, RT and Windows Server (including 2003) are not affected. This update requires you to restart the system.

Other Updates/Releases

After all those security updates, the good news is that this is a fairly light month for non-security updates, with only five updates aside from the regular monthly update for the Malicious Software Removal Tool (MSRT) - down from twelve in January and eighteen in December.

KB2607607 - Language Packs for Windows RT. This update adds support for several eastern European languages. There's no need to install it unless you need to use one of the following languages on your Surface RT or other Windows RT-based devices: Slovak, Bulgarian, Slovenian, Croatian, Estonian, Serbian, Kazakh, Lithuanian, Latvian.

KB2808380 - Update for Windows RT. This non-security update is designed to resolve an issue in Windows RT whereby the Windows Update service freezes after the RT device enters the "connected standby" state, after which you cannot download Windows Store apps or related updates.

KB2608659 - Update for Windows Server 2008 R2 x64 Edition. This is an update rollup for the SIS (Single Instance Storage) component in Windows Storage Server 2008 R2 that fixes four issues regarding file corruption and loss of data.

KB2793210 - Update for Windows 8 and Windows Server 2012. This is a compatibility update that improves the user experience by reducing the problem of applications that don't install or work correctly on Windows 8 and Server 2012.

KB2795944 - Update for Windows 8, Windows RT, and Windows Server 2012. This is a cumulative update for February 2013 that contains multiple performance and reliability improvements and resolves issues with redundant security confirmations, failure to wake from sleep, and crashes and freezes.

KB890830 - Windows Malicious Software Removal Tool - February 2013 (including Internet Explorer Version). As always, Microsoft has updated the malware definitions for the MSRT for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2008 R2. You should run the updated tool each month.

Updates since the last Patch Tuesday

There were quite a few out-of-band patches released between the January and February Patch Tuesdays:

KB2755801 - Update for Internet Explorer Flash Player for Windows 8. (Windows RT, Windows 8, Windows 8 Pro, Windows 8 Enterprise). On February 7, Microsoft released this update for Windows RT, Windows 8 and Server 2012 that (despite its classification as a non-security update) addresses a vulnerability in Flash Player for Windows 8 that could allow an attacker to gain control over a computer. Note that a restart may be required after installation.

Microsoft released five non-security updates on January 22

KB2607607 - Language Packs for Windows RT. (Windows RT). This was another update to add various languages to Windows RT, and need not be installed unless you need to use one or more of those languages on your device: Romanian, Basque, Galician, Hungarian, Turkish, Thai, Ukrainian, Greek, Catalan, Czech.

KB2793214 - Dynamic Update for Windows 8 and Windows Server 2012. (Windows 8, Windows 8 Pro, Windows 8 Enterprise and all editions of Windows Server 2012). This is a compatibility update for the legacy upgrade experience that will improve the process of upgrading to the latest version of Windows 8. It may cause a change in behavior of certain antivirus products including Norton, F-Secure and Panda.

KB2793216 - Dynamic Update for Windows 8 and Windows Server 2012. (Windows 8, Windows 8 Pro, Windows 8 Enterprise and all editions of Windows Server 2012). This compatibility update improves the web and media upgrade experience when upgrading to the latest version of Windows 8. It may cause a change in behavior of certain antivirus products including Norton, F-Secure and Panda.

KB2794119 - Update for Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP. (Windows XP, Windows Vista, Windows 7, Windows 7 Embedded, all editions of Windows 8, Windows Server 2003, 2008 / 2008 R2, 2012). This update contains time zone (Daylight Saving Time) changes in Libya and Israel. There is no need to apply it unless you will be using those time zones. This update may cause issues with Microsoft Outlook. See the prerequisites for installation on your operating system.

KB2803748 - Update for Windows Server 2012. (All editions of Windows Server 2012). This update fixes a problem whereby the Failover Cluster Management snap-in crashes after you install update 2750149 on a Windows Server 2012-based failover cluster.

On January 14, Microsoft released one security update

MS13-008/KB2799329 - Security Update for Internet Explorer. (Internet Explorer 6, 7 and 8). This is an update for the listed versions of IE running on Windows XP, Vista, Windows 7, and Windows Server 2003, 2008 and 2008 R2. It addresses one vulnerability that could allow an attacker to execute code remotely if the user goes to a malicious web page. It is rated critical on Windows client operating systems and moderate on Windows servers. IE 9 and 10 are not affected.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

10 comments
therealkorelian

I am super gun shy at installing any updates as I do this remotely for our office (I work offsite). I am looking at the updates currently available for the machines, for example, KB890830, KB2799494, KB2790655, KB2790113, KB2778344, KB2789642, KB2789643, KB2789645... I haven't really approved any of them... even though I've created a restore point on the first of 4 machines I need to deploy these things to, I haven't deployed them because I'm scared it'll screw something up... any advice?

dentalcrafters

Had 10 workstations lose network connection, restarting them brought it back although two I had to release and renew then disable the network card then shut down again before they regained connectivity. Windows 7 machines had to restore and turn off the auto update. Everything is back up and running for now....

wydmex

Actually Debra it's not a particularly light month for non-security updates; MS012-009 (KB2792100) if you'll notice also contains 15 Non-security-related fixes for Internet Explorer, many of which are for IE10! ;-)

nicholas.rose

I downloaded and installed them last night. One of them caused my Windows 7 box to crash, followed by a recovery screen, followed by some 9700 processes running very fast followed by a reboot. Eventually recovered and worked ok. Come on Microsoft, you can do better than that!

steve

One of the patches caused existing shares not to work and could not navigate to other network computers. Able to surf and ping but no responses. Not sure which one, I just removed them all and worked, multiple machines experienced this issue.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Gisabun

Installed the Win 7 updates on my host and a VM. No issues. I guess it depends on what you have installed. [Some people had blamed MS when Win XP SP3 would not install but it was later learned that many of those failed installs were because remnants of malware were still on the system. Still blame MS?]

Mewens

We are having similar problems and can't find any information. Were you able to find a fix?

steve

Having similar problem for some machines (all XP not on Windows 7 though) can ping, but can't connect to shares or in our case Internet either. Everything running very slowly as well. Can't find out where it is yet and don't have time to research it properly yet. Need to get it all working again and then maybe look at it. This is the second time (August 2012) that MS updates have caused a major problem. Just can not trust them anymore so will have to implement an aggressive change control which is difficult in such a small department. We are not all big corporate IT departments.

Gisabun

If you don't "trust" Microsoft, delay deploying/installing them for a few days. Check Microsoft's forums and see if there are any issues during those days. Can't trust Microsoft after two goofs? And this after how many successful updates? [Boy if you were using an iPhone, you would have dumped it by now!]
