Microsoft Security Bulletins For March 2013 Released

bulletin deployment priority march 2013 guide

Mar 12, 2013

Updated • Apr 9, 2013

Yes it is this day of the month ago. Microsoft has just released this month collection of updates and patches for its products. A total of seven security bulletins have been released this month that resolve security related issues in programs such as Microsoft Office, Windows, Internet Explorer and Microsoft Server Software.

Four of the seven bulletins have received a maximum severity rating of critical, the highest rating available for vulnerabilities, while the remaining three received one of important, the second highest rating available. What this means is that at least one affected product has received the rating, while other products may have received the same, a lower, or no rating at all if they are not affected by the vulnerability.

Operating system distribution

Here is the list of bulletins by operating system. First the desktop systems and then the server operating systems. Note that only two of the bulletins affect the Windows operating system or products that run on it. The remaining bulletins are for Office products and other Microsoft software.

Windows XP: 1 critical, 1 important
Windows Vista: 1 critical, 1 important
Windows 7:Â 1 critical, 1 important
Windows 8:Â 1 critical, 1 important
Windows RT: 1 critical
Windows Server 2003: 1 important, 1 moderate
Windows Server 2008: 1 important, 1 moderate
Windows server 2008 R2: 1 important, 1 moderate
Windows Server 2012: 1 important, 1 moderate

Deployment Guide

The Bulletin Deployment Priority table provides guidance to system administrators in regards to the order in which bulletins should be installed on affected computer systems. Microsoft suggests to start with MS13-021, MS13-022 and MS13-027 first and in that order, then with MS13-023 and MS13-024, before deploying MS13-025 and MS13-026. It goes without saying that these bulletins only need to be deployed on systems the products run on.

The March 2013 bulletins

MS13-021 - Cumulative Security Update for Internet Explorer (2809289) - This security update resolves eight privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS13-022 - Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) - This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems.
MS13-023 - Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261) - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS13-024 - Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176) - This security update resolves four privately reported vulnerabilities in Microsoft SharePoint and Microsoft SharePoint Foundation. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.
MS13-025 - Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264) - This security update resolves a privately reported vulnerability in Microsoft OneNote. The vulnerability could allow information disclosure if an attacker convinces a user to open a specially crafted OneNote file.
MS13-026 - Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682) - This security update resolves one privately reported vulnerability in Microsoft Office for Mac. The vulnerability could allow information disclosure if a user opens a specially crafted email message.
MS13-027 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986) - This security update resolves three privately reported vulnerabilities in Microsoft Windows. These vulnerabilities could allow elevation of privilege if an attacker gains access to a system.

Non-Security related updates

In addition to security related updates, Microsoft has also made available non-security related updates this month:

Internet Explorer 10 for Windows 7 and Windows Server 2008 R2 (KB2718695)
Update for Windows 7 and Windows Server 2008 R2 (KB2775511)
Update for Windows 8 (KB2781197)
Update for Windows 8 and Windows Server 2012 (KB2790907)
Dynamic Update for Windows 8 and Windows Server 2012 (KB2791338)
Update Rollup for Microsoft Windows MultiPoint Server 2012 (KB2791647)
Update for Windows 7 and Windows Server 2008 R2 (KB2791765)
Update for Windows Server 2008 R2 x64 Edition (KB2806748)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2811660)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2812822)
Update for Internet Explorer Flash Player for Windows 8, Server 2012 and Windows RT (KB2824670)
Windows Malicious Software Removal Tool - March 2013 (KB890830)/Windows Malicious Software Removal Tool - March 2013 (KB890830) - Internet Explorer Version
Platform Update for Windows 7 and Windows Server 2008 R2 (KB2670838)
Internet Explorer 10 for Windows 7 and Windows Server 2008 R2 (KB2718695)

How to download and install the March 2013 updates

The recommended way to install these updates for home users is to use Windows Update. You can run a manual check for updates via the start menu. If you are using Windows 8, do the following instead:

On Windows 8 you tap on the Windows key to get to the start screen interface, enter Windows update, select Settings on the Charms Bar, and then Check for updates in the results listing.

Here you can click on check for updates to run a manual update check. Windows should pick up the new updates right away so that you can download and install them to your system.

The updates are also available on Microsoft's Download Center where they can be downloaded as individual updates to the local system. That's useful if they need to be deployed on a company network for example, or if you want greater control over the updating process itself.

Comments

Some Dude said on March 19, 2023 at 11:42 am


Are these articles AI generated?

Now the duplicates are more obvious.
1. boris said on March 19, 2023 at 11:48 pm
  
  
  This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Paul(us) said on March 20, 2023 at 1:32 am


Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro

Why oh why?
1. Clairvaux said on September 6, 2023 at 11:30 am
  
  
  Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
John G. said on August 18, 2023 at 4:36 pm


Probably they will announce that the taskbar will be placed at top, right or left, at your will.

Special event by they is a special crap for us.
yanta said on August 18, 2023 at 11:59 pm


If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
John G. said on August 20, 2023 at 4:22 am


All new articles have zero count comments. :S
Anonymous said on September 5, 2023 at 7:48 am


WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage

I have O365 until end of this year, mostly for onedrive and probably will jump into google one
St Albans Digital Printing Inc said on September 5, 2023 at 11:53 am


Photo storage must be kept free because customers chose gadgets just for photos and photos only.
Anonymous said on September 5, 2023 at 12:47 pm


What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
1. GG said on September 6, 2023 at 8:24 am
  
  
  Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
  
  I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
  
  And now that they discovered what poor management results in do they go back and do the album feature properly?
  
  Nope, just charge the customer twice.
  
  Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
d3x said on September 5, 2023 at 7:33 pm


When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Scroogled said on September 5, 2023 at 10:47 pm


Instead of a software company, Microsoft is now a fraud company.
ard said on September 7, 2023 at 4:59 pm


For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote

so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
Andy Prough said on September 7, 2023 at 6:52 pm


>”Now You: what is your theory?”

That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.

Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
TelV said on September 8, 2023 at 12:04 pm


Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
Anonymous said on September 18, 2023 at 1:23 pm


The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.