Microsoft Security Bulletin Coverage

January 9, 2013

Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of January, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows:

MS13-001 Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution

  • CVE-2013-0011 Windows Print Spooler Components Vulnerability
    No known exploits exist in the wild.

MS13-002 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution

  • CVE-2013-0006 MSXML Integer Truncation Vulnerability
    No feasible way to detect attacks without a large number of false positives.
  • CVE-2013-0007 MSXML XSLT Vulnerability
    No feasible way to detect attacks without a large number of false positives.

MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege

  • CVE-2013-0009 System Center Operations Manager Web Console XSS Vulnerability
    No feasible way to detect attacks without a large number of false positives.
  • CVE-2013-0010 System Center Operations Manager Web Console XSS Vulnerability
    IPS:9473 - Microsoft System Center Operations Manager XSS

MS13-004 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

  • CVE-2013-0001 System Drawing Information Disclosure Vulnerability
    No known exploits exist in the wild.
  • CVE-2013-0002 WinForms Buffer Overflow Vulnerability
    No known exploits exist in the wild.
  • CVE-2013-0003 S.DS.P Buffer Overflow Vulnerability
    No known exploits exist in the wild.
  • CVE-2013-0004 Double Construction Vulnerability
    No known exploits exist in the wild.

MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege

  • CVE-2013-0008 Win32k Improper Message Handling Vulnerability
    This is a local EoP vulnerability; detection of attacks on the wire is not possible.

MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass

  • CVE-2013-0013 Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
    IPS:9472 - SSL Version Rollback

MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service

  • CVE-2013-0005 Replace Denial of Service Vulnerability
    IPS:9471 - Open Data Protocol DoS