Deb Shinder gathers the information you need to make the right deploy decision when applying Microsoft's April 2013 patches in your organization.
They say April showers bring May flowers and on the Microsoft security front, "shower" is an apt description. This month's patch load is more than a light sprinkling but less than a deluge; the company today released nine new security bulletins. Only two are rated as critical, with the rest marked important. Most affect Windows, with one that impacts IE, a couple which hit Office and Microsoft server software, and one that's aimed at Microsoft security software.
In recent months we've seen a large number of non-security updates, but that's scaled back considerably this time.
This blog post is also available in PDF format as a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.
Whereas in March, Microsoft Office was the primary focus of the patches, with only two that affected Windows itself, this month that situation has been reversed. As with last month, though, we start out with a critical cumulative patch for IE.
MS13-028/KB2817183 - Cumulative Security Update for Internet Explorer
(IE 6, 7, 8, 9 and 10). This update addresses two vulnerabilities in IE that relate to the way IE handles objects in memory. An exploit could allow an attacker to remotely execute code on the computer, but only if the user visits a specially crafted web page. It's rated critical on client operating systems and moderate on servers. All supported operating systems with graphical interface and IE installed are affected. Server Core installations are not affected. This update will require you to restart the system after installation.
MS13-029/KB2828223 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution
(Remote Desktop Connection client versions 6.1 and 7.0). This update addresses one vulnerability in the Windows RDP client (RDC) that pertains to the way RDC handles objects in memory, which could allow remote code execution if the user visits a specially crafted web page. It is rated critical for RDC running on client operating systems and moderate when running on servers. RDC version 8 (on Windows 7 SP1, Windows 8, Windows RT and Server 2012) is not affected, nor is RDC 6.1 when running on Windows Server 2003 SP2 on Itanium systems. Server Core installations don't run the RDC client and thus are not affected. This update may require you to restart the system after installation.
MS13-030/KB2827663 - Vulnerability in SharePoint Could Allow Information Disclosure
(SharePoint Server 2013). This update addresses a vulnerability in SharePoint Server 2013 pertaining to the default access controls, which has been publicly disclosed. If an attacker is able to get access to the SharePoint site where a specific SharePoint list is maintained (which would require the attacker to be able to authenticate to the SharePoint site), it could result in the disclosure of information. Only SharePoint 2013 is affected; other versions of SharePoint Server, SharePoint Portal Server and SharePoint Services are not affected. This update may require you to restart the system after installation.
MS13-031/KB2813170 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
(All supported versions of Windows XP, Vista, 7, 8, and RT, and all supported versions of Windows Server 2003, 2008/2008 R2, and 2012, including Server Core installations). This update addresses two vulnerabilities in the way the Windows kernel handles objects in memory, which could allow an attacker to gain elevated privileges by logging on locally with valid logon credentials and running a specially crafted application. This update may require you to restart the system after installation.
MS13-032/KB2830914 - Vulnerability in Active Directory Could Lead to Denial of Service
(Active Directory, ADAM, Active Directory LDS, Active Directory Services). This update addresses a vulnerability in the Windows Active Directory service that an attacker could exploit by sending a specially crafted query to the LDAP service, resulting in a denial of service. This affects all supported Windows client and server operating systems except Windows Server 2008/2008 R2 for Itanium-based systems and Windows RT. This update requires you to restart the system after installation.
MS13-033/KB2820917 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
(Windows XP, Vista, Server 2003 and 2008). This update addresses a vulnerability in the way the CSRSS handles objects in memory, which affects the currently supported versions of the Windows operating system prior to Windows 7/Server 2003 R2. Windows 7 and 8 and Server 2003, 2008/2008 R2 and 2012 are not affected, nor is Windows RT. Server Core installations are not affected. The vulnerability can be used by an attacker to gain elevated privileges if the attacker is able to log on locally with valid logon credentials. This update requires you to restart the system after installation.
MS13-034/KB2823482 - Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege
(Windows Defender for Windows 8 and RT). This update addresses a vulnerability in the Microsoft Antimalware Client pertaining to the pathnames used by the Antimalware Client. An attacker who has valid logon credentials can gain elevated privileges and run code, install programs, view/change/delete data, create new accounts and otherwise fully control the system. Windows Defender for Windows XP, Vista and 7, and for Windows Server 2003 and 2008/2008 R2, is not affected. This update requires you to restart the system after installation.
MS13-035/KB2821818 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege
(Microsoft InfoPath 2010 SP1, SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, Microsoft Office Web Apps 2010 SP1). This update addresses a vulnerability in the listed versions of Microsoft Office and server software that could be used by an attacker to gain elevated privileges by sending a specially crafted Office file to a user. This update may require you to restart the system after installation.
MS13-036/KB2829996 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of Privilege
(All supported versions of Windows XP, Vista, 7, 8 and RT, and all supported versions of Windows Server 2003, 2008/2008 R2, and 2012, including Server Core installations). This update addresses four different vulnerabilities in the way the Windows kernel-mode driver handles objects in memory, one of which has been publicly disclosed. An attacker could gain elevated privileges by logging on locally with valid credentials and running a specially crafted application. This update requires you to restart the system after installation.
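Before deciding what still needs to go out, it helps to see which of the nine bulletins above a given host already has and whether a restart is still outstanding, since most of these updates require one. The following PowerShell script is an added example written for this post, not something Microsoft ships; the bulletin-to-KB mapping, severity ratings and restart notes are taken from the descriptions above, and the registry paths it checks for a pending reboot are the standard servicing and Windows Update markers.

```powershell
# Added example (not from the original post): audit one Windows host against the
# April 2013 security bulletins listed above and flag a pending restart.
# Assumes PowerShell 2.0 or later and rights to read HKLM.

# Bulletin/KB pairs and ratings as given in the post. The Restart column is the
# post's own wording ("requires" vs. "may require"), not data from the host.
$AprilBulletins = @(
    @{ Bulletin = 'MS13-028'; KB = 'KB2817183'; Rating = 'Critical';  Restart = 'Required' },
    @{ Bulletin = 'MS13-029'; KB = 'KB2828223'; Rating = 'Critical';  Restart = 'May be required' },
    @{ Bulletin = 'MS13-030'; KB = 'KB2827663'; Rating = 'Important'; Restart = 'May be required' },
    @{ Bulletin = 'MS13-031'; KB = 'KB2813170'; Rating = 'Important'; Restart = 'May be required' },
    @{ Bulletin = 'MS13-032'; KB = 'KB2830914'; Rating = 'Important'; Restart = 'Required' },
    @{ Bulletin = 'MS13-033'; KB = 'KB2820917'; Rating = 'Important'; Restart = 'Required' },
    @{ Bulletin = 'MS13-034'; KB = 'KB2823482'; Rating = 'Important'; Restart = 'Required' },
    @{ Bulletin = 'MS13-035'; KB = 'KB2821818'; Rating = 'Important'; Restart = 'May be required' },
    @{ Bulletin = 'MS13-036'; KB = 'KB2829996'; Rating = 'Important'; Restart = 'Required' }
)

function Get-AprilPatchStatus {
    # Get-HotFix reads Win32_QuickFixEngineering, which records Windows component
    # updates but not Office/SharePoint/InfoPath patches (MSI/MSP based). For
    # MS13-030 and MS13-035 a "not installed" result here is therefore only a
    # hint; confirm those through the product's own update history.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($b in $AprilBulletins) {
        New-Object PSObject -Property @{
            Bulletin  = $b.Bulletin
            KB        = $b.KB
            Rating    = $b.Rating
            Installed = ($installed -contains $b.KB)
            Restart   = $b.Restart
        }
    }
}

function Test-PendingReboot {
    # Two well-known markers: Component Based Servicing sets RebootPending after
    # an update that needs a restart; Windows Update sets RebootRequired.
    $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
    $wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    return ($cbs -or $wu)
}

$status = Get-AprilPatchStatus
$status | Sort-Object Installed, Rating |
    Format-Table Bulletin, KB, Rating, Installed, Restart -AutoSize

# Critical bulletins that are missing deserve the first deployment slot.
$missingCritical = $status | Where-Object { -not $_.Installed -and $_.Rating -eq 'Critical' }
if ($missingCritical) {
    $names = ($missingCritical | ForEach-Object { $_.Bulletin }) -join ', '
    Write-Warning "Missing critical bulletins: $names"
}

# A patch that is installed but waiting on a reboot is not yet protecting the host.
if (Test-PendingReboot) {
    Write-Warning 'A restart is pending; installed updates are not fully effective until the system reboots.'
}
```

Run it on a representative host from each OS family before pushing the updates through WSUS or your deployment tool; bulletins that do not apply to a platform (for example MS13-033 on Windows 7, or MS13-029 where RDC 8 is installed) will simply show as not installed, so read the table against the affected-platform notes above rather than treating every "False" as a gap.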
There were only six non-security updates released today, including the regular monthly update for the Malicious Software Removal Tool (MSRT).
KB2533552 - Update to prevent "0xC0000034" error
(Windows 7 SP1, Windows Server 2008 R2 SP1). This update fixes an issue pertaining to a stop error message after a restart, after installation of Windows 7 SP1 or Windows 2008 R2 SP1.
KB2799926 - USB storage device can't be mounted or recognized
(Windows 7, Windows Server 2008 R2). This update fixes a problem where the computer won't recognize or mount a USB drive with BitLocker drive encryption enabled due to a dirty shutdown, power failure or hard restart.
KB2800033 - Can't restore Windows
(Windows 8, Windows RT, Server 2012). This update addresses a problem caused by a corrupted SYSTEM registry key in an offline image, which causes you to be unable to restore the OS using the "Refresh your PC" option in the Windows Recovery Environment.
KB2822241 - Windows 8 and Server 2012 Cumulative Update
(All editions of Windows 8, Windows Server 2012). This update fixes a number of performance and reliability issues that were addressed by fifteen separate updates issued previously, along with fixes for three new issues: one pertaining to quality degradation when streaming video to Xbox 360 consoles, one pertaining to a stop error when downloading Windows Store apps, and one pertaining to failure of multi-scan JPEG file decoding.
KB283180 - Update for Windows Management Framework 3.0
(Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2008 SP2). This update fixes a number of reliability and serviceability issues in WMF 3.0 on the listed operating systems.
KB890830 - Windows Malicious Software Removal Tool April 2013
(Windows XP, Vista, 7 and 8, Windows Server 2003, 2008, 2008 R2, 2012, Internet Explorer). This is the regular monthly update of malware definitions for the MSRT.
Updates since the last Patch Tuesday
There have been only a couple of new or changed non-security updates released since March 12:
KB2607607 - Language Packs for Windows RT
(Windows RT). New language packs for Windows RT include 27 languages.
KB2718695 - Internet Explorer 10 for Windows 7 and Windows Server 2008
(Windows 7 SP1, Windows Server 2008). Internet Explorer 10, the latest version of Microsoft's web browser that comes with Windows 8 and Server 2012, was released for Windows 7 and Server 2008. It provides a faster, more reliable and more secure browsing experience.