Microsoft Security Bulletins For April 2013 overview

Microsoft released security patches for several of its products a couple of minutes ago as part of this month's patch day. A total of nine security bulletins affecting one or multiple Microsoft products have been released. Products affected by security issues are Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Security Software and Microsoft Server Software.
When we look at the maximum severity rating, we see that there are two bulletins with the highest severity rating of critical while the remaining seven are all listed as important. This means that at least one product is affected at the highest severity rating, while other products may have received the same rating, a lower rating, or no rating at all if they are not affected by the vulnerability.
Operating system distribution
As always, we begin by looking at the list of security bulletins sorted by operating system. First, the Windows desktop operating systems starting with Windows XP and then the server operating systems starting with Windows Server 2003. Windows XP is most severely affected this month while Windows 8 is the least affected (not counting Windows RT). As far as server operating systems go, the bulletins are most severe on the older systems and less severe on newer versions.
- Windows XP: 2 critical, 3 important, 1 low
- Windows Vista: 2 critical, 2 important, 1 moderate, 1 low
- Windows 7: 2 critical, 2 important, 1 low
- Windows 8: 1 critical, 2 important, 1 low
- Windows RT: 1 critical, 2 important
- Windows Server 2003: 4 important, 2 moderate
- Windows Server 2008: 3 important, 3 moderate
- Windows Server 2008 R2: 3 important, 2 moderate
- Windows Server 2012: 3 important, 1 moderate
Deployment Guide
You can use the deployment priority guide to determine the order in which the security patches should be installed on affected systems. This is helpful for system administrators and network admins who need to patch multiple PCs running a Microsoft product. It may also be helpful for end users who test patches thoroughly before they are installed on production systems.
Microsoft suggests deploying the two critical updates first, MS13-028 and MS13-029, then the following group of four important updates, MS13-036, MS13-031, MS13-034 and MS13-032, before the remaining three important updates are deployed (MS13-033, MS13-036 and MS13-030).
The April 2013 Security Bulletins in detail
- MS13-028 - Cumulative Security Update for Internet Explorer (2817183) - This security update resolves two privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MS13-029 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223) - This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MS13-030 - Vulnerability in SharePoint Could Allow Information Disclosure (2827663) - This security update resolves a publicly disclosed vulnerability in Microsoft SharePoint Server. The vulnerability could allow information disclosure if an attacker determined the address or location of a specific SharePoint list and gained access to the SharePoint site where the list is maintained. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.
- MS13-031 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities.
- MS13-032 - Vulnerability in Active Directory Could Lead to Denial of Service (2830914) - This security update resolves a privately reported vulnerability in Active Directory. The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.
- MS13-033 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) - This security update resolves a privately reported vulnerability in all supported editions of Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
- MS13-034 - Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482) - This security update resolves a privately reported vulnerability in the Microsoft Antimalware Client. The vulnerability could allow elevation of privilege due to the pathnames used by the Microsoft Antimalware Client. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
- MS13-035 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818) - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user.
- MS13-036 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) - This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the most severe vulnerabilities.
Non-security related updates
Microsoft has released the following non-security updates for various products as well. Consult the list below to find out more about those updates:
- Update for Windows Embedded Standard 7 (KB2533552)
- Update for Windows 7 and Windows Server 2008 R2 (KB2799926)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2800033)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2822241)
- Update for Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB2823180)
- Windows Malicious Software Removal Tool - April 2013 (KB890830)/Windows Malicious Software Removal Tool - April 2013 (KB890830) - Internet Explorer Version
- Language Packs for Windows RT (KB260760)
- Internet Explorer 10 for Windows 7 and Windows Server 2008 R2 (KB2718695)
- Windows 7 Service Pack 1 (KB976932)
How to download and install the April 2013 security updates
Windows updates can be installed using the operating system's automatic update feature, which is the most convenient way and the preferred option for the majority of home users.
On Windows 8 you tap on the Windows key to get to the start screen interface, enter Windows update, select Settings on the Charms Bar, and then Check for updates in the results listing.
Here you can click on check for updates to run a manual update check. Windows should pick up the new updates right away so that you can download and install them to your system.
Updates are also available on Microsoft's Download Center, where they can be downloaded as standalone updates or in the form of a monthly security ISO that contains all security patches of a particular month.