To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in Information: - 1 (877) Pin: 3959

Review of April 2013 Bulletin Release Information - Nine New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS13-028MS13-029MS13-030MS13-031MS13-032MS13-033MS13-034MS13-035MS Internet Explorer SharePoint Remote Desktop Client Kernel Kernel-Mode Driver CSRSS Antimalware Client Active Directory HTML Sanitization

Bulletin Deployment Priority

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical22Remote Code ExecutionCooperatively Disclosed CVE Critical22Remote Code ExecutionCooperatively Disclosed Affected Products IE6 – IE10 on all supported versions of Windows Client IE6 – IE10 on all supported versions of Windows Server Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. (All CVEs) Impact of AttackAn attacker could gain the same user rights as the current user. (All CVEs) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional InformationInstallations using Server Core are not affected. MS13-028: Cumulative Security Update for Internet Explorer ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed Affected Products Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client on all supported versions of Windows Client (except Windows 8 & Windows RT) Remote Desktop Connection 6.1 Client and Remote Desktop Connection 7.0 Client on all supported versions of Windows Server (except Windows Server 2012) Affected ComponentsWindows Remote Desktop Client Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of AttackAn attacker could gain the same user rights as the current user. Mitigating Factors An attacker cannot force users to view the attacker-controlled content. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional InformationInstallations using Server Core are not affected. MS13-029: Vulnerability in Remote Desktop Client Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important3NAInformation DisclosurePublicly Disclosed Affected ProductsAll supported editions of Microsoft SharePoint Server 2013 Affected ComponentsMicrosoft SharePoint Server Deployment Priority3 Main TargetSystems that are running an affected version of SharePoint Server Possible Attack Vectors An attacker would need to know the address or location of a specific SharePoint list to access the list's items. In order to gain access to the SharePoint site where the list is maintained, the attacker would need to be able to satisfy the SharePoint site's authentication requests. Impact of Attack An attacker could gain access to list items in a SharePoint list that the list owner did not intend for the attacker to be able to access. Mitigating Factors An attacker must have valid Active Directory credentials before validation as a SharePoint user, and subsequent access to other users' files could be possible. The "Everyone" group used in assigning sharing permissions in Windows does not include "Anonymous users." Additional InformationThis update requires prior installation of the Project Server 2013 cumulative update ( ). MS13-030: Vulnerability in SharePoint Could Allow Information Disclosure ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important2NAElevation of PrivilegeCooperatively Disclosed CVE Important22Elevation of PrivilegeCooperatively Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server Affected ComponentsWindows Kernel Deployment Priority2 Main TargetWorkstations Possible Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. (All CVEs) Impact of AttackAn attacker could gain elevated privileges and read arbitrary amounts of kernel memory. (All CVEs) Mitigating Factors An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (All CVEs) Additional InformationInstallations using Server Core are affected. MS13-031: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Denial of ServiceCooperatively Disclosed Affected Products Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on all supported versions of Windows Server (excluding Itanium-based systems) Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services on all supported versions of Windows Client (except Windows RT) Affected ComponentsActive Directory Deployment Priority2 Main TargetServers Possible Attack Vectors An attacker could exploit this vulnerability by sending a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service. Impact of Attack An attacker could cause the Lightweight Directory Access Protocol (LDAP) service to become non- responsive. Mitigating Factors An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited remotely by anonymous users. However, the affected component is available remotely to users who have standard user accounts. In certain configurations, anonymous users could authenticate as the Guest account. Additional InformationInstallations using Server Core are affected. MS13-032: Vulnerability in Active Directory Could Lead to Denial of Service ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA3Elevation of PrivilegeCooperatively Disclosed Affected Products Windows XP Professional x64 Edition and all supported editions of Windows Server 2003 Windows XP SP3 and all supported editions of Windows Vista and Windows Server 2008 Affected ComponentsWindows Client/Server Run-time Subsystem (CSRSS) Deployment Priority3 Main TargetWorkstations Possible Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take complete control over an affected system. Impact of Attack On Windows XP Professional x64 Edition and Windows Server 2003, an attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. On Windows XP, Windows Vista, and Windows Server 2008, an attacker who successfully exploited this vulnerability could cause the system to become unresponsive until restarted. Mitigating FactorsAn attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Additional InformationWindows Server 2008 installations using Server Core are affected. MS13-033: Vulnerability in Windows Client/Server Run- time Subsystem (CSRSS) Could Allow Elevation of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important1NAElevation of PrivilegeCooperatively Disclosed Affected ProductsAll supported versions of Windows Defender for Windows 8 and Windows RT Affected ComponentsMicrosoft Antimalware Client Deployment Priority2 Main TargetWindows 8 workstations Possible Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. Impact of Attack An attacker could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. Mitigating Factors An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. Additional Information This update includes other functionality changes as described in Microsoft Knowledge Base Article Microsoft Knowledge Base Article MS13-034: Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA3Elevation of PrivilegeCooperatively Disclosed Affected Products All supported editions of Microsoft SharePoint Server 2010, Microsoft Groove Server 2010, Microsoft SharePoint Foundation 2010, and Microsoft Office Web Apps 2010 Affected ComponentsHTML Sanitization Deployment Priority3 Main TargetSystems where users connect to a SharePoint Server Possible Attack Vectors An attacker would have to convince a user to view specially crafted SharePoint content, which then runs a script in the context of the user. Compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. Impact of Attack An attacker could read content that the attacker is not authorized to read or use the victim's identity to take actions on the targeted site or application. Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability. Additional Information For supported editions of Microsoft SharePoint Server 2010, in addition to the security update packages for Microsoft SharePoint 2010 ( and ), customers also need to install the security update for Microsoft SharePoint Foundation 2010 ( ) to be protected from the vulnerability described in this bulletin. Severity ratings do not apply to this update for all editions of InfoPath 2010 because the known attack vectors for the vulnerability are blocked. MS13-035: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Elevation of PrivilegeCooperatively Disclosed CVE Important11Elevation of PrivilegeCooperatively Disclosed CVE ModerateDenial of ServiceCooperatively Disclosed CVE ModerateElevation of PrivilegePublicly Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server Affected ComponentsKernel-Mode Driver Deployment Priority2 Main TargetWorkstations Possible Attack Vectors An attacker would first have to log on to the system, and then could run a specially crafted application designed to increase privileges. (CVE , CVE ) In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE ) In a file sharing attack scenario, an attacker could provide a specially crafted document that is designed to exploit this vulnerability, and then convince a user to open the document. (CVE ) In a local attack scenario, an attacker could run a specially crafted application. However, the attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability in this scenario. (CVE ) To exploit this vulnerability an attacker would have to mount a specially crafted NTFS volume. (CVE ) MS13-036: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Elevation of PrivilegeCooperatively Disclosed CVE Important11Elevation of PrivilegeCooperatively Disclosed CVE ModerateDenial of ServiceCooperatively Disclosed CVE ModerateElevation of PrivilegePublicly Disclosed Impact of Attack An attacker could gain elevated privileges and read arbitrary amounts of kernel memory. (CVE , CVE ) An attacker could cause the system to stop responding and restart. (CVE ) An attacker could run arbitrary code in kernel mode. (CVE ) Mitigating Factors An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE , CVE ) An attacker would have no way to force users to visit specially crafted websites. (CVE ) The malicious file could be sent as an attachment, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability. (CVE ) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (CVE ) An attacker must have admin privileges to mount a specially crafted NTFS volume, or have physical access to the system and insert a USB flash drive containing a specially crafted NTFS volume, to exploit this vulnerability. (CVE ) Additional InformationInstallations using Server Core are affected. MS13-036: Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege ( ) cont…

Microsoft Security Advisory ( ): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - On April 9, 2013, Microsoft released an update ( ) for all supported editions of Windows 8, Windows Server 2012 and Windows RT. The update addresses the vulnerabilities described in Adobe Security Bulletin APSB

Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.

Other Update Information 1.This update can be uninstalled in all supported editions of InfoPath 2010.

During this release, Microsoft will increase/add detection capability for the following families in the MSRT: - Win32/Babonock: A trojan that collects information about your computer, which it then sends to a remote server.Win32/Babonock - Win32/Redyms: A trojan that redirects search engine results. It may pose as a fake Adobe Flash installer. It has been known to be distributed by the Blackhole exploit kit.Win32/Redyms - Win32/Vesenlosow: A worm that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted computers.Win32/Vesenlosow Available as a priority update through Windows Update or Microsoft Update Offered through WSUS 3.0 or as a download at:

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. Register for next month’s webcast at: