MS13-002: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)

Restart Options: /norestart does not restart when installation has completed. /forcerestart restarts the computer after installation and forces other applications to close at shutdown without saving open files first. HotPatching: Not applicable. For more detailed information, see Microsoft Knowledge Base Article 910723: Summary list of monthly detection and deployment guidance articles. Customers who have not enabled automatic updating need to check for updates from Microsoft Update and install this update manually.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. This includes all supported editions of Microsoft Office 2003, Microsoft Office 2007; Microsoft Office 2010 (except x64-based editions); Microsoft SQL Server 2000 Analysis Services, Microsoft SQL Server 2000 (except Itanium-based editions), For more information about the impact of file block setting in Microsoft Office software, see Microsoft Knowledge Base Article 922850. I am running Windows Server 2008 R2.

For more information about Configuration Manager 2007 Software Update Management, visit System Center Configuration Manager 2007. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. File Information: See Microsoft Knowledge Base Article 2621440 and Microsoft Knowledge Base Article 2667402. Registry Key Verification: Note A registry key does not exist to validate the presence of this update.

What does the update do? The update addresses the vulnerability by disabling the vulnerable version of the Windows common controls. Click Trust Center, and then click Trust Center Settings. Click ActiveX Settings in the left-hand pane, and then select Disable all controls without notifications. Because of the vulnerability, in specific situations the specially crafted script is not properly sanitized, which subsequently could lead to an attacker-supplied script being run in the security context of a

For SMS 2003, the SMS 2003 Inventory Tool for Microsoft Updates (ITMU) can be used by SMS to detect security updates that are offered by Microsoft Update and that are supported Verifying that the Update Has Been Applied Microsoft Baseline Security Analyzer To verify that a security update has been applied to an affected system, you may be able to use the Deployment Information Installing the Update When you install this security update, the installer checks whether one or more of the files that are being updated on your system have previously been For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking

For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. In the All or part of the file name box, type a file name from the appropriate file information table, and then click Search. Do I need to install both updates?

For more information about the installer, see Microsoft Knowledge Base Article 832475. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871. For more information about SMS scanning tools, see SMS 2003 Software Update Scanning Tools. The updates are only available on Windows Update.

For Microsoft Windows, Microsoft Office, and Microsoft Silverlight, apply the required updates according to MS12-034.

Affected Software

Microsoft Office Suites and Software

Office Software | Maximum Security Impact | Aggregate Severity Rating | Updates Replaced
Microsoft Office Suites and Components
Microsoft Office 2003 Service Pack 3 (Windows common controls) (KB2597112) | Remote Code Execution | Critical | None
Microsoft

File Version Verification: Because there are several editions of Microsoft Windows, the following steps may be different on your system. You can find them most easily by doing a keyword search for "security update." For customers of Microsoft Office for Mac, Microsoft AutoUpdate for Mac can help keep your Microsoft software

For information about how to disable Remote Desktop by using Group Policy, see Microsoft Knowledge Base Article 306300. FAQ for TrueType Font Parsing Vulnerability - CVE-2011-3402 What is the scope of the vulnerability? This is a remote code execution vulnerability. For more information about the product lifecycle, see the Microsoft Support Lifecycle website. The .NET Framework 4 Client Profile is a subset of the .NET Framework 4 profile that is optimized for client applications.

For more information see the TechNet Update Management Center. The updates are only available on Windows Update. When the file appears under Programs, right-click the file name and click Properties.

For more information about the SMS 2003 ITMU, see SMS 2003 Inventory Tool for Microsoft Updates.

Security updates may not contain all variations of these files.

Vulnerability Severity Rating and Maximum Security Impact by Affected Software

Affected Software | DirectPlay Heap Overflow Vulnerability - CVE-2012-1537 | Aggregate Severity Rating
Windows XP
Windows XP Service Pack 3 | Remote Code Execution Important | Important
Windows

The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. .NET Framework 4 Client Profile is a subset of .NET If a restart is required at the end of Setup, a dialog box will be presented to the user with a timer warning that the computer will restart in 30 seconds.

The Windows Installer Documentation also provides more information about the parameters supported by Windows Installer. Otherwise, the installer copies the RTMGDR, SP1GDR, or SP2GDR files to your system. System Center Configuration Manager uses WSUS 3.0 for detection of updates. For more information about this behavior, see Microsoft Knowledge Base Article 824994.

For more information about the supported installation switches, see Microsoft Knowledge Base Article 262841. What causes the vulnerability? The vulnerability is caused when specially crafted True Type Font (TTF) files are incorrectly handled. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.