MS13-009 | Cumulative update for MSIE fixing, in addition to prior updates, a bunch of use-after-free vulnerabilities that allow arbitrary code execution and a character encoding problem that allows an infoleak. (Replaces MS12-077 and MS13-008.) | IE: CVE-2013-0015, CVE-2013-0018, CVE-2013-0019, CVE-2013-0020, CVE-2013-0021, CVE-2013-0022, CVE-2013-0023, CVE-2013-0024, CVE-2013-0025, CVE-2013-0026, CVE-2013-0027, CVE-2013-0028, CVE-2013-0029 | KB 2792100 | No. | Severity: Critical, Exploitability: 1 | Critical | Important |
MS13-010 | A memory corruption problem in VML allows arbitrary code execution. (Replaces MS11-052) | VML: CVE-2013-0030 | KB 2797052 | Microsoft claims it is used in targeted attacks. | Severity: Critical, Exploitability: 1 | PATCH NOW | Important |
MS13-011 | An input validation vulnerability in DirectShow (DirectX) allows arbitrary code execution. (Replaces MS10-033) | DirectX: CVE-2013-0077 | KB 2780091 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Critical, Exploitability: 1 | Critical | Important |
MS13-012 | Multiple vulnerabilities in the WebReady Document Viewing service allow arbitrary code execution with the rights of the LocalService account (a low-privileged account) or a DoS when a user uses OWA (Outlook Web Access) to access specific content. (Replaces MS12-080) | Exchange: CVE-2013-0393, CVE-2013-0418 | KB 2809279 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Critical, Exploitability: 2 | N/A | Critical |
MS13-013 | Multiple vulnerabilities in the Oracle Outside In libraries allow arbitrary code execution with the rights of a user account. Attackers need to be able to get the content onto the system in order to get it indexed by the FAST Search Server. (Replaces MS12-067) | SharePoint: CVE-2012-3214, CVE-2012-3217 | KB 2553234 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Important, Exploitability: 1 | N/A | Critical |
MS13-014 | A NULL dereference vulnerability in the Microsoft implementation of NFS (Network File System) allows a DoS condition. | NFS: CVE-2013-1281 | KB 2790978 | No. | Severity: Important, Exploitability: 3 | N/A | Important |
MS13-015 | A privilege escalation vulnerability in XAML browser apps (XBAP) within IE or in .NET applications allows bypassing CAS (Code Access Security) restrictions. (Replaces MS12-038) | .NET: CVE-2013-0073 | KB 2800277 | No. | Severity: Important, Exploitability: 1 | Important | Important |
MS13-016 | Multiple race conditions in the win32k.sys kernel-mode driver allow privilege escalation. (Replaces MS12-078 and MS13-005) | Windows kernel, prior to Windows 8, RT and Server 2012: CVE-2013-1248, CVE-2013-1249, CVE-2013-1250, CVE-2013-1251, CVE-2013-1252, CVE-2013-1253, CVE-2013-1254, CVE-2013-1255, CVE-2013-1256, CVE-2013-1257, CVE-2013-1258, CVE-2013-1259, CVE-2013-1260, CVE-2013-1261, CVE-2013-1262, CVE-2013-1263, CVE-2013-1264, CVE-2013-1265, CVE-2013-1266, CVE-2013-1267, CVE-2013-1268, CVE-2013-1269, CVE-2013-1270, CVE-2013-1271, CVE-2013-1272, CVE-2013-1273, CVE-2013-1274, CVE-2013-1275, CVE-2013-1276, CVE-2013-1277 | KB 2778344 | No. | Severity: Important, Exploitability: 2 | Important | Less Urgent |
MS13-017 | Multiple vulnerabilities allow privilege escalation and allow users to run arbitrary code in kernel mode. (Replaces MS12-068) | Windows kernel: CVE-2013-1278, CVE-2013-1279, CVE-2013-1280 | KB 2799494 | No. | Severity: Important, Exploitability: 1 | Important | Less Urgent |
MS13-018 | A vulnerability in how the Windows TCP/IP stack handles a connection termination sequence "TCP FIN WAIT" allows a DoS condition. | Windows TCP/IP: CVE-2013-0075 | KB 2790655 | No. | Severity: Important, Exploitability: 3 | Important | Important |
MS13-019 | A privilege escalation vulnerability exists in the Windows CSRSS (Client/Server Runtime Subsystem). It allows arbitrary code execution with the privileges of local system for authenticated users. (Replaces MS11-063) | CSRSS: CVE-2013-0075 | KB 2790113 | No publicly known exploits, but the vulnerability was publicly discussed. | Severity: Important, Exploitability: 2 | Important | Important |
MS13-020 | An input validation vulnerability in OLE being used by WordPad or Microsoft Office in XP SP3 allows arbitrary code execution with the rights of the logged-on user. (Replaces MS11-038) | OLE: CVE-2013-1313 | KB 2802968 | No. | Severity: Critical, Exploitability: 1 | Critical | Important |