Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name TA13-100A First vendor Publication 2013-04-10
Vendor US-CERT Last vendor Modification 2013-04-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Select Microsoft software products contain multiple vulnerabilities.
Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for April 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA13-100A.html

CWE : Common Weakness Enumeration

% Id Name
31 % CWE-362 Race Condition
23 % CWE-399 Resource Management Errors
15 % CWE-20 Improper Input Validation
8 % CWE-264 Permissions, Privileges, and Access Controls
8 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')
8 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15758
 
Oval ID: oval:org.mitre.oval:def:15758
Title: Vulnerability in SharePoint could allow information disclosure - MS13-030
Description: Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1290
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s): Microsoft SharePoint Server 2013
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16257
 
Oval ID: oval:org.mitre.oval:def:16257
Title: Kernel Race Condition Vulnerability - CVE-2013-1294 (MS13-031)
Description: Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1294
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16260
 
Oval ID: oval:org.mitre.oval:def:16260
Title: CSRSS Memory Corruption Vulnerability - MS13-033
Description: The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1295
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16293
 
Oval ID: oval:org.mitre.oval:def:16293
Title: Elevation of privilege vulnerability in Windows Defender - MS13-034
Description: The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0078
Version: 7
Platform(s): Microsoft Windows 8
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16455
 
Oval ID: oval:org.mitre.oval:def:16455
Title: Kernel Race Condition Vulnerability - CVE-2013-1284 (MS13-031)
Description: Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1284
Version: 3
Platform(s): Microsoft Windows 8
Microsoft Windows Server 2012
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16463
 
Oval ID: oval:org.mitre.oval:def:16463
Title: Active Directory Buffer Overflow Vulnerability - MS13-032
Description: The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1282
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16515
 
Oval ID: oval:org.mitre.oval:def:16515
Title: Internet Explorer Use After Free Vulnerability - CVE-2013-1304 (MS13-028)
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1338.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1304
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16563
 
Oval ID: oval:org.mitre.oval:def:16563
Title: Microsoft Windows Kernel-Mode Driver privilege elevation vulnerability (CVE-2013-1283) - MS13-036
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1283
Version: 7
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16575
 
Oval ID: oval:org.mitre.oval:def:16575
Title: Microsoft Windows Kernel-Mode Driver privilege elevation vulnerability (CVE-2013-1292) - MS13-036
Description: Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1292
Version: 7
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16598
 
Oval ID: oval:org.mitre.oval:def:16598
Title: Microsoft Windows Remote Desktop Client remote code execution vulnerability - MS13-029
Description: The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote Desktop Connection Client 6.1 and 7.0 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a web page that triggers access to a deleted object, and allows remote RDP servers to execute arbitrary code via unspecified vectors that trigger access to a deleted object, aka "RDP ActiveX Control Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1296
Version: 10
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Remote Desktop Client
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16599
 
Oval ID: oval:org.mitre.oval:def:16599
Title: Vulnerability in HTML sanitization component could allow elevation of privilege - MS13-035
Description: Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-1289
Version: 10
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft InfoPath 2010
Microsoft Office Web Apps 2010
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16621
 
Oval ID: oval:org.mitre.oval:def:16621
Title: Internet Explorer Use After Free Vulnerability - CVE-2013-1338 (MS13-028)
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1303 and CVE-2013-1304.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1338
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 10
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16662
 
Oval ID: oval:org.mitre.oval:def:16662
Title: Internet Explorer Use After Free Vulnerability - CVE-2013-1303 (MS13-028)
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1304 and CVE-2013-1338.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1303
Version: 6
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 1
Application 1
Application 1
Application 1
Application 2
Application 5
Application 1
Application 2
Application 1
Application 2
Application 1
Os 4
Os 2
Os 1
Os 1
Os 5
Os 1
Os 1
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-04-11 IAVM : 2013-A-0081 - Microsoft Active Directory Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0037608
2013-04-11 IAVM : 2013-A-0080 - Microsoft Windows Kernel Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0037609
2013-04-11 IAVM : 2013-A-0083 - Microsoft Office HTML Sanitization Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0037613
2013-04-11 IAVM : 2013-B-0034 - Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vul...
Severity : Category II - VMSKEY : V0037616
2013-04-11 IAVM : 2013-A-0082 - Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0037618

Snort® IPS/IDS

Date Description
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38011 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38010 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38009 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38008 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38007 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38006 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38005 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38004 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38003 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38002 - Revision : 1 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38001 - Revision : 1 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Active Directory LDAP search denial of service attempt
RuleID : 27234 - Revision : 7 - Type : SERVER-OTHER
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26365 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26364 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26363 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26362 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26361 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26360 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26359 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26358 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26357 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26356 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26355 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer expression clause in style tag cross site scripti...
RuleID : 26354 - Revision : 6 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2013-04-10 Name : The remote host is affected by multiple code execution vulnerabilities.
File : smb_nt_ms13-028.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : It is possible to execute arbitrary code on the remote host through the Remot...
File : smb_nt_ms13-029.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The version of SharePoint running on the remote host has an information discl...
File : smb_nt_ms13-030.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The Windows kernel on the remote host is affected by multiple vulnerabilities.
File : smb_nt_ms13-031.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The installed version of Active Directory is affected by a denial of service ...
File : smb_nt_ms13-032.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The remote Windows host has a privilege escalation vulnerability.
File : smb_nt_ms13-033.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The Microsoft Antimalware Client on the remote host is affected by a privileg...
File : smb_nt_ms13-034.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The remote host is affected by a cross-site scripting vulnerability.
File : smb_nt_ms13-035.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The Windows kernel on the remote host is affected by multiple vulnerabilities.
File : smb_nt_ms13-036.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-10-11 13:31:26
  • Multiple Updates
2013-04-11 09:18:57
  • First insertion