Microsoft Patch Tuesday March 12 2013

Software giant Microsoft plans to ship seven bulletins in the March 2013 edition of Patch Tuesday. Four of the bulletins are receiving high-severity, critical ratings.

The four critically rated bulletins affect Microsoft Windows, Internet Explorer, Silverlight, Office, and Server Software. Three of them could lead to remote code execution, while the fourth could allow elevation of privilege. The less severe, important-rated bulletins affect Office, Server Software, and Windows and could lead to information disclosure and privilege escalation.

Qualys Chief Technical Officer Wolfgang Kandek told Threatpost in an email interview that he would prioritize the first bulletin on Patch Tuesday because it fixes a bug that could be exploited to perform a complete machine takeover in all versions of IE from 6 to 10.

Kandek also expressed concerns regarding the second bulletin, which will address critical vulnerabilities in Microsoft Silverlight on Windows and Mac OS X, because it is widely deployed on end-user machines to run media applications like Netflix.

The third bulletin will fix a vulnerability in Visio and the Microsoft Office Filter Pack. Kandek said he was puzzled by the fact that this fix received a critical rating, because exploitation would require that users open an infected file, and that he would be interested to see if this vulnerability’s attack vector ends up warranting the high-severity rating.

Lastly, Kandek noted that the fourth and final critically rated bulletin arose from a problem in SharePoint server.

Recap:

Bulletin ID   Maximum Severity Rating   Vulnerability Impact      Restart Requirement        Affected Software
Bulletin 1    Critical                  Remote Code Execution     Requires restart           Microsoft Windows, Internet Explorer
Bulletin 2    Critical                  Remote Code Execution     Does not require restart   Microsoft Silverlight
Bulletin 3    Critical                  Remote Code Execution     May require restart        Microsoft Office
Bulletin 4    Critical                  Elevation of Privilege    May require restart        Microsoft Office, Microsoft Server Software
Bulletin 5    Important                 Information Disclosure    May require restart        Microsoft Office
Bulletin 6    Important                 Information Disclosure    Does not require restart   Microsoft Office
Bulletin 7    Important                 Elevation of Privilege    Requires restart           Microsoft Windows