Blog

Home > Microsoft Security > March 2013 Microsoft Security Bulletin Release

March 2013 Microsoft Security Bulletin Release

Contents

Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and Other Information Microsoft Windows Malicious Software Removal Tool For the bulletin release that occurs on the second Tuesday of each month, Microsoft has released an updated version of the Microsoft Windows Microsoft Security Bulletin Summary for January 2013 Published: January 08, 2013 | Updated: March 12, 2013 Version: 4.0 This bulletin summary lists security bulletins released for January 2013. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-march-2011.html

With System Center Configuration Manager, IT administrators can deliver updates of Microsoft products to a variety of devices including desktops, laptops, servers, and mobile devices. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Microsoft Communications Platforms and Software Skype for Business 2016 Bulletin Identifier MS16-039 Aggregate Severity Rating Critical Skype for Business 2016 (32-bit editions) Skype for Business 2016 (32-bit editions)(3114960)(Critical) Skype for Business https://technet.microsoft.com/en-us/library/security/ms13-mar.aspx

Microsoft Security Bulletin May 2016

MS15-024 Malformed PNG Parsing Information Disclosure Vulnerability CVE-2015-0080 3 - Exploitation Unlikely 3 - Exploitation Unlikely Not Applicable This is an information disclosure vulnerability. Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files.

Critical Remote Code ExecutionMay require restartMicrosoft Windows, Microsoft Office, Microsoft Developer Tools,  Microsoft Server Software MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)  This security update resolves two privately In all cases, however, an attacker would have no way to force users to visit a website. For more information, see Microsoft Knowledge Base Article 913086. Microsoft Security Patches Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software MS13-021 Cumulative Security Update for Internet Explorer (2809289)   This security update resolves eight privately reported vulnerabilities and

This bulletin spans more than one software category.   Microsoft Developer Tools and Software Microsoft Visual Studio Team Foundation Server Bulletin Identifier MS13-002 Aggregate Severity Rating Critical Microsoft Expression Web Service Microsoft Security Bulletin April 2016 Additional details about the update are available in the below-linked MSRC Blog post. The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. https://technet.microsoft.com/en-us/security/bulletins.aspx Other Information Microsoft Windows Malicious Software Removal Tool For the bulletin release that occurs on the second Tuesday of each month, Microsoft has released an updated version of the Microsoft Windows

Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows. Microsoft Security Bulletin July 2016 Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations. Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community.

Microsoft Security Bulletin April 2016

For information about these and other tools that are available, see Security Tools for IT Pros.  Acknowledgments Microsoft recognizes the efforts of those in the security community who help us protect Important Elevation of Privilege Requires restart --------- Microsoft Windows MS15-134 Security Update for Windows Media Center to Address Remote Code Execution (3108669) This security update resolves vulnerabilities in Microsoft Windows. Microsoft Security Bulletin May 2016 Note System Management Server 2003 is out of mainstream support as of January 12, 2010. Microsoft Patch Tuesday June 2016 Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Ratingand Vulnerability Impact Restart Requirement KnownIssues Affected Software MS16-037 Cumulative Security Update for Internet Explorer (3148531)This security update resolves vulnerabilities in Internet Explorer. this contact form Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? Microsoft Security Bulletin June 2016

The vulnerability could allow denial of service if an attacker creates multiple Remote Desktop Protocol (RDP) sessions that fail to properly free objects in memory. MS15-026 ExchangeDLP Cross Site Scripting Vulnerability CVE-2015-1629 2 - Exploitation Less Likely 4 - Not Affected Not Applicable This is an elevation of privilege vulnerability. The Software Update Management in System Center Configuration Manager is built on Microsoft Windows Software Update Services (WSUS), a time-tested update infrastructure that is familiar to IT administrators worldwide. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-march-2009.html The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Microsoft Patch Tuesday December 2016 Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! V2.0 (March 10, 2016): Bulletin Summary revised to document the out-of-band release of MS16-036.

The remaining bulletins are for Office products and other Microsoft software.Windows XP: 1 critical, 1 importantWindows Vista: 1 critical, 1 importantWindows 7:  1 critical, 1 importantWindows 8:  1 critical, 1 importantWindows

Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message. Microsoft Patch Tuesday November 2016 The vulnerability could allow remote code execution if a user visits a specially crafted website.

MS15-018 Internet Explorer Memory Corruption Vulnerability CVE-2015-0099 4 - Not Affected 1 - Exploitation More Likely Not Applicable (None) MS15-018 Internet Explorer Memory Corruption Vulnerability CVE-2015-0100 4 - Not Affected 1 The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. http://getbetabox.com/microsoft-security/download-antivirus-microsoft-security-essentials-2013-64-bit.html You can find them most easily by doing a keyword search for "security update".

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. For more information, see Microsoft Knowledge Base Article 913086. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included. Executive Summaries The following table summarizes the security bulletins for this month in order of severity.

You should review each software program or component listed to see whether any security updates pertain to your installation. ReplyLeave a Reply Click here to cancel reply.CommentYour NameYour E-mail (will not be published) Notify me of followup comments via e-mail. The more severe of the vulnerabilities could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates.

Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you The bulletins rated Important address issues in Microsoft Windows and Office. After this date, this webcast is available on-demand.

This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. Added a Known Issues reference to the Executive Summaries table for MS16-042. Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems. For more information, see Microsoft Knowledge Base Article 961747.

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. Please see the section, Other Information. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates.

V1.1 (January 8, 2013): For MS13-002, added Server Core installation entries to Affected Software for Microsoft XML Core Services 4.0 when installed on Windows Server 2008 for 32-bit Systems Service Pack Such websites could contain specially crafted content that could exploit this vulnerability. CVE ID                     Vulnerability Title Exploitability Assessment forLatest Software Release Exploitability Assessment forOlder Software Release Denial of ServiceExploitability Assessment MS15-124: Cumulative Security Update for Internet Explorer (3116180) CVE-2015-6083 Internet Explorer Memory Corruption Vulnerability 1 - Exploitation More Likely 1 - Exploitation More Likely Not Applicable For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.