drjbhl
Ramblings of an old Doc
Patch Tuesday… what’s there?
Published on January 9, 2013 By DrJBHL In Personal Computing

 

Well, since the friendly Mayans decided to let us all live, MS has a big bundle this month.

Read about it here: 

http://www.techrepublic.com/blog/window-on-windows/its-microsoft-patch-tuesday-january-2013/7092?tag=nl.e064&s_cid=e064

or here:  http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Bulletin ID
Bulletin Title and Executive Summary
Maximum Severity Rating and Vulnerability Impact
Restart Requirement
Affected Software

MS13-001
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)

This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
Critical
Remote Code Execution
Requires restart
Microsoft Windows

MS13-002
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.
Critical
Remote Code Execution
May require restart
Microsoft Windows, 
Microsoft Office, 
Microsoft Developer Tools, 
Microsoft Server Software

MS13-003
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)

This security update resolves two privately reported vulnerabilities in Microsoft System Center Operations Manager. The vulnerabilities could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the affected website.
Important
Elevation of Privilege
Does not require restart
Microsoft Server Software

MS13-004
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege(2769324)

This security update resolves four privately reported vulnerabilities in the .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerabilities could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important
Elevation of Privilege
May require restart
Microsoft Windows,
Microsoft .NET Framework

MS13-005
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)

This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application.
Important
Elevation of Privilege
Requires restart
Microsoft Windows

MS13-006
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)

This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.
Important
Security Feature Bypass
Requires restart
Microsoft Windows

MS13-007
Vulnerability in Open Data Protocol Could Allow Denial of Service(2769327)

This security update resolves a privately reported vulnerability in the Open Data (OData) protocol. The vulnerability could allow denial of service if an unauthenticated attacker sends specially crafted HTTP requests to an affected site. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Important
Denial of Service
May require restart
Microsoft Windows,
Microsoft .NET

As you can see, there well might be some restarts…


Popular Articles in this Category
Safe and free software download sites for windows
Keep an Eye Out!
A new and more functional PC Manager widget from MS
Popular Articles from DrJBHL
Safe and free software download sites for windows
A new and more functional PC Manager widget from MS
Comments
1
DaveRI
on Jan 09, 2013

Well, since the friendly Mayans decided to let us all live,

Ya I brought those down last night, took awhile but not too bad.

2
petrossa
on Jan 09, 2013

My pc went into permanent 'don't touch' mode, but after hard reboot it installed the files anyway. Not bad.

3
DrJBHL
on Jan 09, 2013

My older W7 HP x64 froze during download/installation. Did a hard reboot as well, but nothing installed. Went fine the second time.

4
Uvah
on Jan 09, 2013

I see MS-01 thru 07. Windows update is downloading 14 important ones.

5
ekimragz
on Jan 09, 2013

Too many happy endings!

 

6
Island Dog
on Jan 10, 2013

Just a note.  If you have a Surface there's also a firmware update available.

 

7
DrJBHL
on Jan 10, 2013

Correct, I.D.

I don't understand why technet didn't mention that.

Does the Surface or W8 RT have an automatic Windows Update program like Windows 7, etc.?

8
Island Dog
on Jan 10, 2013

Yep, same thing.

Meta
Views
» 12600
Comments
» 8
Category
» Personal Computing
Comment
Recent Article Comments
Let's see your political mem...
LightStar Design Windowblind...
Let's start a New Jammin Thr...
A day in the Life of Odditie...
Safe and free software downl...
Veterans Day
A new and more functional PC...
Post your joy
AI Art Thread: 2022
WD Black Internal and Extern...
Sponsored Links
Terms of Service Privacy Policy About Us Contact Us Stardock.com
© 2024 Stardock Corporation. All rights reserved.
JoeUser v1.0.0.0