Archive for the 'patch' Category



Patch Tuesday Wednesday (Mar-2013)

This month Microsoft have released seven (7) security bulletins of which four (4) have a maximum rating of Critical, and three (3) have a maximum rating of Important.

We’re releasing 7 bulletins, four Critical-class and three Important-class, addressing 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Tools, and Silverlight. For those who need to prioritize deployment, we recommend focusing on MS13-021, MS13-022 and MS13-027 first. [1]

| Bulletin | KB number | Description | Impact | Severity | Software |
|---|---|---|---|---|---|
| MS13-021 | 2809289 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS13-022 | 2814124 | Vulnerability in Silverlight Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Silverlight |
| MS13-023 | 2801261 | Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Office |
| MS13-024 | 2780176 | Vulnerabilities in SharePoint Could Allow Elevation of Privilege | Elevation of Privilege | Critical | Microsoft Office, Microsoft Server Software |
| MS13-025 | 2816264 | Vulnerability in Microsoft OneNote Could Allow Information Disclosure | Information Disclosure | Important | Microsoft Office |
| MS13-026 | 2813682 | Vulnerability in Office Outlook for Mac Could Allow Information Disclosure | Information Disclosure | Important | Microsoft Office |
| MS13-027 | 2807986 | Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege | Elevation of Privilege | Important | Microsoft Windows |

PATCH NOW:
* MS13-021
* MS13-022
* MS13-027

Firefox 19.0.2

Firefox v.19.0.2 was offered to release channel users on March 07, 2013

Fixed in Firefox 19.0.2 [4]
MFSA 2013-29 Use-after-free in HTML Editor

Fixed in Firefox 19
MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address
MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
MFSA 2013-26 Use-after-free in nsImageLoadingContent
MFSA 2013-25 Privacy leak in JavaScript Workers
MFSA 2013-24 Web content bypass of COW and SOW security wrappers
MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
MFSA 2013-22 Out-of-bounds read in image rendering
MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)

Vulnerability ratings: 1 Critical
Evaluation: 19.0.2 is a security-driven release; it is time to update again.

LINKS:
[1] Firefox Updated: Firefox 19.0.2 (2013-Mar-07) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 19.0.2 Release Notes (2013-Mar-07) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Patch Tuesday, a Heads Up. (Mar-2013)

Next scheduled release: March 12th, 2012
The heads up for this month: on Tuesday 12th March (US time; Wednesday 13th March AU time) Microsoft expect to release seven (7) new security bulletins. Four (4) bulletins carry a maximum aggregate rating of Critical, and three (3) are rated Important.

Today we’re providing advance notification for the release of seven bulletins, four Critical and three Important, for March 2013. The Critical bulletins address vulnerabilities in Microsoft Silverlight, Internet Explorer, Office and Microsoft Server Software. The three Important-rated bulletins will address issues in Microsoft Windows and Office. [1]

LINKS:
[1] Advance Notification Service for March 2013 Security Bulletin Release (2013-Mar-07) [MSRC]

iOS 6.1.2

iOS 6.1.2
Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.

Apple has released iOS 6.1.2, a small (12.8 MB) update. The update appears to be dedicated to fixing a bug in Exchange calendars (iPhone and iPad) that causes attempts to accept or decline Exchange calendar meeting requests to fail. The failure sets up a continuous loop, with the consequence that the accept/decline is not recorded, a heavy load is placed on the servers, and the device’s battery runs down rather rapidly.

VERDICT: Update now

LINKS:
[1] iOS 6.1.2 Software Update (2013-Feb-19) [Apple]

Adobe Patches (Feb-2013)

Adobe has released two patches for this month’s ‘Patch Tuesday’ with one patch for the Adobe Flash Player and one for Adobe Shockwave Player.

| Bulletin | Description | Impact | Severity | Software |
|---|---|---|---|---|
| APSB13-05 | Security updates available for Adobe Flash Player | Remote Code Execution | Critical | Adobe Flash Player |
| APSB13-06 | Security updates available for Adobe Shockwave Player | Remote Code Execution | Critical | Adobe Shockwave Player |

APSB13-04 was released 07-Feb-2013 and also dealt with a critical issue in Adobe Flash Player.

LINKS:
[1] Adobe Security Bulletins Posted (2013-Feb-12) [Adobe PSIRT Blog]
[2] Adobe – Security bulletins and advisories (2013-Feb-12) [Adobe]
[3] Adobe Feb 2013 Black Tuesday patches (2013-Feb-12) [SANS]

Patch Tuesday Wednesday (Feb-2013)

This month Microsoft have released twelve (12) security bulletins of which five (5) have a maximum rating of Critical, and seven (7) have a maximum rating of Important.

We’re releasing 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework. For those who need to prioritize deployment, we recommend focusing on MS13-009, MS13-010 and MS13-020 first. [1]

| Bulletin | KB number | Description | Impact | Severity | Software |
|---|---|---|---|---|---|
| MS13-009 | 2792100 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS13-010 | 2797052 | Vulnerability in Vector Markup Language Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS13-011 | 2780091 | Vulnerability in Media Decompression Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS13-012 | 2809279 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Server Software |
| MS13-013 | 2784242 | Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Office, Microsoft Server Software |
| MS13-014 | 2790978 | Vulnerability in NFS Server Could Allow Denial of Service | Denial of Service | Important | Microsoft Windows |
| MS13-015 | 2800277 | Vulnerability in .NET Framework Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows, Microsoft .NET Framework |
| MS13-016 | 2778344 | Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS13-018 | 2799494 | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS13-018 | 2790655 | Vulnerability in TCP/IP Could Allow Denial of Service | Denial of Service | Important | Microsoft Windows |
| MS13-019 | 2790113 | Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege | Elevation of Privilege | Important | Microsoft Windows |
| MS13-020 | 2802968 | Vulnerability in OLE Automation Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |

PATCH NOW:
* MS13-009 (Microsoft Internet Explorer)
* MS13-010 (Vector Markup Language)
* MS13-020 (Microsoft Windows)

Patch Tuesday, a Heads Up. (Feb-2013)

Next scheduled release: February 12th, 2012
The heads up for this month: on Tuesday 12th February (US time; Wednesday 13th February AU time) Microsoft expect to release twelve (12) new security bulletins, addressing 57 unique vulnerabilities. Five (5) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important.

We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. [1]

LINKS:
[1] Advance Notification Service for the February 2013 Security Bulletin Release (2013-Feb-07) [MSRC]
[2] Microsoft Security Bulletin Summary for February 2013 (2013-Feb-07) [MS Technet]

Adobe Patches (Dec-2012)

Adobe has released two patches for this month’s ‘Patch Tuesday’, with one patch for the Adobe Flash Player and one for ColdFusion 10 and earlier.

| Bulletin | Description | Impact | Severity | Software |
|---|---|---|---|---|
| APSB12-26 | Security update: Hotfix available for ColdFusion 10 and earlier | Sandbox Permissions Violation | Important | Adobe Flash Player |
| APSB12-27 | Security updates available for Adobe Flash Player | Remote Code Execution | Critical | Adobe Flash Player |

LINKS:
[1] Adobe Security Bulletins Posted (2012-Dec-11) [Adobe PSIRT Blog]
[2] Adobe – Security bulletins and advisories (2012-Dec-11) [Adobe]

Patch Tuesday Wednesday (Dec-2012)

This month Microsoft have released seven (7) security bulletins of which five (5) have a maximum rating of Critical, and two (2) have a maximum rating of Important.

Now, on to the news of the day; today we’re releasing seven bulletins, five Critical-class and two Important-class, addressing 12 vulnerabilities in Microsoft Windows, Internet Explorer (IE), Word and Windows Server. [1]

| Bulletin | KB number | Description | Impact | Severity | Software |
|---|---|---|---|---|---|
| MS12-077 | 2761465 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
| MS12-078 | 2783534 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS12-079 | 2780642 | Vulnerability in Microsoft Word Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Office |
| MS12-080 | 2784126 | Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Server Software |
| MS12-081 | 2758857 | Vulnerability in Windows File Handling Component Could Allow Remote Code Execution | Remote Code Execution | Critical | Microsoft Windows |
| MS12-082 | 2770660 | Vulnerability in DirectPlay Could Allow Remote Code Execution | Remote Code Execution | Important | Microsoft Windows |
| MS12-083 | 2765809 | Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass | Security Feature Bypass | Important | Microsoft Windows |

PATCH NOW:
* MS12-077 (Internet Explorer)
* MS12-079 (Microsoft Word)

Firefox 17.0.1

Firefox v.17.0.1 was offered to release channel users on November 30, 2012

Fixed in Firefox 17.0.1 [4]
No security updates, performance update only

LINKS:
[1] Firefox Updated: Firefox 17.0.1 (2012-Nov-30) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 17.0.1 Release Notes (2012-Nov-30) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]
