04-18-13 | Blog Post
This month there are nine updates within the Microsoft security bulletin. Two are due to remote code execution vulnerabilities, while many of the important-rated patches are due to weaknesses that could allow an elevation of privilege.
The first critical update was a cumulative update for Internet Explorer, resolving two reported vulnerabilities that would have allowed remote code execution. In order for an attacker to exploit this, a user would simply have to view a specially crafted webpage while using Internet Explorer. This update affects Internet Explorer 6 through 10. A full list of the affected softwares and their severity rating can be found on the bulletin.
The other critical update is for another remote code execution vulnerability, this time involving Windows Remote Desktop Client. If a user views a specially crafted web page, the attacker has the opportunity to gain the same rights as the user. For both of these updates Microsoft reminded readers that setting up accounts with only as many user rights as necessary can help lower the effects to these types of attacks, as the attacker doesn’t get as many freedoms as if everyone on the system had administrator level access.
Rated ‘important’, there was a vulnerability for SharePoint servers that could allow information disclosure. In order to exploit this vulnerability, an attacker would have to know the address or location of a specific SharePoint list, and gained access to where the list was maintained. The attacker would also need to get past the authentication requests posed by the site. In order to resolve this issue, the default access controls applied to these lists were altered. This affects supported editions of SharePoint Server 2013.
There was also an important vulnerability patched for Active Directory, where If the attacker sent a specially crafted query to the Lightweight Directory Access Protocol (LDAP) services, it would result in a denial of service. This was due to the way the service was handling LDAP queries, and will require a restart with the patch.
The rest of the updates were for elevation of privilege vulnerabilities. Of note, there was a patch for three vulnerabilities in Microsoft Windows that would allow the elevation of privilege given they have the ability to physically access the computer. After the updates were published by Microsoft and they started being implemented, it was found that this patch was causing system areas. This was caused by the update’s incompatibility with certain third-party software. It was suggested that if the patch was installed, to uninstall. Microsoft also pulled the update from their site in order to get it fixed and republished.
