Microsoft Security Bulletin Coverage (Apr 9, 2013)

Dell SonicWALL has analysed and addressed Microsoft’s security advisories for the month of April 2013. A list of the issues reported, along with Dell SonicWALL coverage information, follows:

MS13-028 Cumulative Security Update for Internet Explorer (2817183)

  • CVE-2013-1303 Internet Explorer Use After Free Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1304 Internet Explorer Use After Free Vulnerability
    There are no known exploits in the wild.

MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

  • CVE-2013-1296 RDP ActiveX Control Remote Code Execution Vulnerability
    IPS: 9810 “Microsoft RDP ActiveX AdvancedSettings Attribute Setting”
    IPS: 9811 “Microsoft RDP ActiveX TransportSettings Attribute Setting”

MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

  • CVE-2013-1290 Incorrect Access Rights Information Disclosure Vulnerability
    This is a configuration issue; attack is not distinguishable.

MS13-031 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)

  • CVE-2013-1284 Kernel Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1294 Kernel Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

  • CVE-2013-1282 Memory Consumption Vulnerability
    There are no known exploits in the wild.

MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

  • CVE-2013-1295 CSRSS Memory Corruption Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

  • CVE-2013-0078 Microsoft Antimalware Improper Pathname Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

  • CVE-2013-1289 HTML Sanitization Vulnerability
    IPS: 9817 “HTML Sanitization Vulnerability”

MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

  • CVE-2013-1283 Win32k Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1291 OpenType Font Parsing Vulnerability
    There are no known exploits in the wild.
  • CVE-2013-1292 Win32k Race Condition Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.
  • CVE-2013-1293 NTFS NULL Pointer Dereference Vulnerability
    This is a local vulnerability. Detection of attack over the wire is not feasible.