Dell SonicWALL has analysed and addressed Microsoft’s security advisories for the month of April, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-028 Cumulative Security Update for Internet Explorer (2817183)

• CVE-2013-1303 Internet Explorer Use After Free Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1304 Internet Explorer Use After Free Vulnerability
  There are no known exploits in the wild.

MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

• CVE-2013-1296 RDP ActiveX Control Remote Code Execution Vulnerability
  IPS: 9810 “Microsoft RDP ActiveX AdvancedSettings Attribute Setting”
  IPS: 9811 “Microsoft RDP ActiveX TransportSettings Attribute Setting”

MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

• CVE-2013-1290 Incorrect Access Rights Information Disclosure Vulnerability
  This is a configuration issue; attack is not distinguishable.

MS13-031 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)

• CVE-2013-1284 Kernel Race Condition Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.
• CVE-2013-1294 Kernel Race Condition Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

• CVE-2013-1282 Memory Consumption Vulnerability
  There are no known exploits in the wild.

MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

• CVE-2013-1295 CSRSS Memory Corruption Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

• CVE-2013-0078 Microsoft Antimalware Improper Pathname Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.

MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

• CVE-2013-1289 HTML Sanitization Vulnerability

IPS: 9817 “HTML Sanitization Vulnerability”

MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

• CVE-2013-1283 Win32k Race Condition Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.
• CVE-2013-1291 OpenType Font Parsing Vulnerability
  There are no known exploits in the wild.
• CVE-2013-1292 Win32k Race Condition Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.
• CVE-2013-1293 NTFS NULL Pointer Dereference Vulnerability
  This is a local vulnerability. Detection of attack over the wire is not feasible.