Microsoft has released seven security bulletins for January 2013. Two outline patches for critical vulnerabilities in XML Core Services and Windows print spooler components. In total, the seven updates address security holes in Windows, Office, Developer Tools, Server Software and the .NET Framework.
--Here is Microsoft's official breakdown of today's bulletins.
Qualys CTO Wolfgang Kandek said MS13-002 is the most important in the lineup. "It addresses a vulnerability in the MSXML library, which is an integral part of many Microsoft software packages," he wrote. "It is affecting every Windows version from XP to RT, plus all Office versions and a number of other packages, such a Sharepoint and Groove. The most likely attack vector is a malicious webpage. But an email with Office document attachment can also be a viable alternative for attackers. Patch this one as quickly as possible."
Here is Microsoft's summary of MS13-002:
This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.
The other critical update, MS13-001, addresses vulnerabilities in Windows print spooler components:
This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a print server received a specially crafted print job. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.
Of the "important" bulletins, Kandek's says:
• MS13-004 addresses several .NET issues, but attacks are limited to the Intranet context and cannot be initiated from the Internet lowering the risk of this bulletin.
• MS13-005 fixes a flaw in the win32k.sys kernel module that weakens the AppContainer sandbox in Windows 8. By itself it is not a critical flaw, but could be used in conjunction with other vulnerabilities to attack a Windows 8 system.
• MS13-006 prevents a protocol attack on SSL v3 that can happen when a Microsoft browser communicates with a third-party web server. An attacker that controls a network device in between the browser and server could downgrade communication to SSL v2. The attacker could then exploit any of the common flaws in SSLv2, ultimately eavesdropping on the communication.