-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0004 Title: Microsoft Security Updates Version history: 9.01.2013 Initial publication CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 8 January 2013. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found at http://technet.microsoft.com/security/bulletin/MS13-jan. Microsof's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. ================================== NEW SECURITY BULLETINS ================================== Bulletin ID: MS13-001 Bulletin Title: Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) Maximum Severity Rating: Critical Restart Requirement: Requires restart Affected Software: Windows 7 and Windows Server 2008 R2. ================================= Bulletin ID: MS13-002 Bulletin Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) Maximum Severity Rating: Critical Restart Requirement: May require restart Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Office 2003, Office 2007, Office Compatibility Pack, Word Viewer, Expression Web, Expression Web 2, SharePoint Server 2007, Groove Server 2007, and Groove 2007. ================================= Bulletin ID: MS13-003 Bulletin Title: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) Maximum Severity Rating: Important Restart Requirement: Does not require restart Affected Software: System Center Operations Manager 2007 ================================= Bulletin ID: MS13-004 Bulletin Title: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) Maximum Severity Rating: Important Restart Requirement: May require restart Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. ================================= Bulletin ID: MS13-005 Bulletin Title: Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) Maximum Severity Rating: Important Restart Requirement: Requires restart Affected Software: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. ================================= Bulletin ID: MS13-006 Bulletin Title: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) Maximum Severity Rating: Important Restart Requirement: Requires restart Affected Software: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. ================================= Bulletin ID: MS13-007 Bulletin Title: Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) Maximum Severity Rating: Important Restart Requirement: May require restart Affected Software: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012. ================================== NEW SECURITY ADVISORIES ================================== Microsoft published two new security advisories on 8 January, 2013. Here is an overview of these new security advisories: Security Advisory 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 Affected Software: - - - Windows 8 for 32-bit Systems > Adobe Flash Player in Internet Explorer 10 - - - Windows 8 for 64-bit Systems > Adobe Flash Player in Internet Explorer 10 - - - Windows Server 2012 > Adobe Flash Player in Internet Explorer 10 - - - Windows RT > Adobe Flash Player in Internet Explorer 10 Executive Summary: - - - Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. More Information: http://technet.microsoft.com/security/advisory/2755801 ================================= Security Advisory 973811 - Extended Protection for Authentication Executive Summary: - - - Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA). More Information: http://technet.microsoft.com/security/advisory/973811 Best Regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQ7XtyAAoJEPpzpNLI8SVoXg8P/0k0NhGqJOhd8gH3GADwes+J R5AVo7Ud0savK4+iiCrlxDDLr6snTvzx1zyNH0MfwihgkKs+j9qojQ/eStPOW5zX q3zD3nICoLb3Jr3k8sLQiKy4d/Pky5Bh+HRVjOVl7znnXg+1gBDQPPsodWw6uySm 2yIb/yTlHGP+FlHgL4fCFu1ue7nWQQ1FtWUwU/1nMCoK8aWcHrVh6aOa9HWK1hzH ou3tJft79V5tK/5Vjqe5NOWU/8Az+n2dEtF0779Y/MqnDiiYPdgQJJtvf2CquxeU fcTq/63OndI+Mui2x5D8R8sdGWfKl2/Km24jsbEP2GYB2w55Fj1+Tg9zPTL6BZJD +S7B0JSzDrQ83fkMd6p4wmKGWvG3jUB17XIFbzSnsHTaHpAvYVMiwMqe5yVRInpC WgGpgmnwxIiPRCVsGZJDDGC3EOqjB17xWblb4H+rwMarm7K6boP/cadajOvboG2s 6TQqLvxK4CxsxCDJaFtktZtrZifLGFWFnGMoaIugmumN4b/FPi/dK8EsElJRDWPo Y2LgMy1GpIw7tln1XqNMmNdyE2/iSGc4ZmoXISW7BPlGzvf09MqXuhrOzaTIHjaD +N50mZlHXaMvKhZfLUehidNnv7CW7Q77PYOWNQTpMmWM50oC5hliGicHlyu7efHr FdMABQZQmgaCI98JcW94 =3HQb -----END PGP SIGNATURE-----