Microsoft Security Bulletins: Patch Tuesday, January 2013

Microsoft has released Security Bulletins for January 2013. This is the first “Patch Tuesday” of 2013 and as we do every month, bringing you details of the security bulletins that get released, along with details of how you should deploy the security bulletins. For Patch Tuesday of January 2013, Microsoft has released seven security bulletins. Out of the seven bulletins, two are rated critical, the maximum severity rating, the rest five bulletins are rated as important, which is the next highest possible severity rating. Six of the seven security bulletins fix issues in Windows operating system, two security bulletins fix issues in the .Net Framework and Microsoft Server Software, and the one left fixes issues in Microsoft Office and Developer Tools.

The January 2013 Security Bulletins

MS13-001Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)

This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.

MS13-002Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker’s website.

MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.

MS13-004Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)

This security update resolves four privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS13-005Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)

This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.

MS13-006Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)

This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.

MS13-007Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)

This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Deployment guide and severity index of January 2013 Patch Tuesday updates

Bulletin Deployment Guide: January 2013
Severity Index: January 2013

How to apply January 2013 Patch Tuesday updates?

You can download and install the new security updates issued every month on Patch Tuesday using a number of options. If Windows operating system is set to download and install updates automatically you do not have to bother about anything. Windows will automatically download the issued patches as install them on the next restart of the machine. You can also manually check for updates by opening Windows Update from the Control Panel.

Download All January 2013 Patch Tuesday Updates for Windows

If your Windows operating system is facing problem downloading updates, you can manually download the updates from Microsoft Download Center.

You can also download the January 2013 Security Release ISO DVD, which you can use to deploy the updates on multiple machines. The Security Release ISO image for January 2013 DVD comprises of only Windows updates and doesn’t come with security patches for any other Microsoft product. It does support the majority of Windows versions, including Windows XP, Windows 7, Windows Vista, Windows Server 2008 and Windows 8. Fixes for the tablet-oriented Windows RT are also available.

You can click here (direct download link) to download the Security Release ISO Image for January 2013 from Microsoft for free.

Source: Microsoft Security TechCenter

You may also like...