To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in Information: - 1 (877) Pin: 3959

Review of May 2013 Bulletin Release Information - Ten New Security Bulletins - Two New Security Advisories ⁻ One Updated Security Advisory ⁻ Microsoft Windows Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS13-037MS13-038MS MS13-040MS13-041MS13-042MS MS13-044MS13-045MS Internet Explorer Lync Visio Publisher Word HTTP.sys.NET Framework Windows Essentials Kernel-Mode Drivers

Bulletin Deployment Priority

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical NA2 Remote Code Execution Cooperatively Disclosed CVE NA2 CVE CVE CVE CVE CVE NA1 CVE CVE CVE CVE ImportantNA3Information Disclosure Cooperatively Disclosed Affected ProductsIE6 – IE10 on all supported versions of Windows Client IE6 – IE10 on all supported versions of Windows Server Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs) Impact of Attack An attacker could read the contents of JSON data files. (CVE ) An attacker could gain the same user rights as the current user. (Remaining CVEs) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs except CVE ) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional InformationInstallations using Server Core not affected. (All CVEs) MS13-037: Cumulative Security Update for Internet Explorer ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA1Remote Code ExecutionPublicly Disclosed Affected ProductsIE8 on all supported versions of Windows ClientIE8 on all supported versions of Windows Servers Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. Impact of Attack The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. Mitigating Factors By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that mitigates this vulnerability. Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone, which disables script and ActiveX controls and helps reduce the risk. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS13-038: Vulnerability in Internet Explorer Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important3NADenial of ServiceCooperatively Disclosed Affected Products All supported editions of Windows 8 and Windows Server 2012 Affected Components HTTP.sys Deployment Priority 1 Main Target Windows 2012 Servers in an internet-facing deployment Possible Attack Vectors In an HTTP attack scenario, an attacker could send a specially crafted HTTP packet to a Windows 2012 Server. Impact of Attack An attacker who successfully exploited this vulnerability could cause a system to stop responding. Mitigating Factors By default, IIS is not enabled on any Windows operating system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed. Additional Information Update for Windows RT is available via Windows Update. MS13-039: Vulnerability in HTTP.sys Could Allow Denial of Service ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important SpoofingCooperatively Disclosed CVE NASecurity BypassPublicly Disclosed Affected Products.NET Framework 2.0 SP2,.NET Framework 3.5,.NET Framework 3.5.1,.NET Framework 4, and.NET Framework 4.5 on all supported versions of Windows Client and Windows Server. Affected Components.NET Framework Deployment Priority3 Main TargetWorkstations and Servers that run.NET and/or WCF Possible Attack Vectors In a.NET application attack scenario, an attacker could modify the contents of an XML file without invalidating the signature associated with the file. (CVE ) In a.NET application attack scenario, an attacker could send specially crafted queries to a WCF endpoint. (CVE ) Impact of Attack An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file. (CVE ) An attacker could gain access to the endpoint functions as if they were an authenticated user. (CVE ) Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability. (CVE ) By default the WCF authentication mode is set to "Windows" in the userNamePasswordValidationMode property, which is not vulnerable. (CVE ) Additional Information.NET Framework 4 and.NET Framework 4 Client Profile affected. MS13-040: Vulnerabilities in.NET Framework Could Allow Spoofing ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important22Remote Code ExecutionCooperatively Disclosed Affected Products Microsoft Communicator 2007 R2, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, and Microsoft Lync Server 2013 Affected ComponentsLync Deployment Priority2 Main TargetWorkstations Possible Attack Vectors The vulnerability could allow remote code execution if an attacker shares specially crafted content, such as a file or program, as a presentation in Lync or Communicator and then convinces a user to accept an invitation to view or share the presentable content. Impact of Attack An attacker could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Mitigating Factors An attacker would have no way to force users to view or share the attacker-controlled file or program. Additional Information Applying the Lync Server 2013 security update ( ) also installs the February 2013 cumulative updates for Lync Server MS13-041: Vulnerability in Lync Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important 1 Remote Code ExecutionCooperatively Disclosed CVE CVE CVE CVE CVE NA CVE CVE CVE CVE CVE Affected ProductsMicrosoft Publisher 2003, Microsoft Publisher 2007, and Microsoft Publisher 2010 Affected ComponentsPublisher Deployment Priority2 Main TargetWorkstations Possible Attack Vectors In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit these vulnerabilities. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit these vulnerabilities. Impact of Attack An attacker who successfully exploited these vulnerabilities could run arbitrary code as the current user. Mitigating Factors Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. These vulnerabilities cannot be exploited automatically through . MS13-042: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA2Remote Code ExecutionCooperatively Disclosed Affected Products Microsoft Word 2003 and Microsoft Word Viewer Affected ComponentsWord Deployment Priority2 Main TargetWorkstations Possible Attack Vectors An attacker could host a website that contains a specially crafted Office file that is used to attempt to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. Impact of Attack An attacker who successfully exploited this vulnerability could gain the same user rights as the current user and run arbitrary code in the context of the current user. Mitigating Factors An attacker would have no way to force users to visit these websites. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Additional Information Outlook is not directly affected because the vulnerability exists in Microsoft Word. If Word is the selected reader, then an attacker could leverage Outlook for the attack vector to exploit the vulnerability MS13-043: Vulnerability in Microsoft Word Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA3Information DisclosureCooperatively Disclosed Affected Products Microsoft Visio 2003, Microsoft Visio 2007, and Microsoft Visio 2010 Affected ComponentsVisio Deployment Priority3 Main TargetWorkstations Possible Attack Vectors An attacker could host a website that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability. Compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. Impact of Attack An attacker who successfully exploited this vulnerability could read data from a file located on the target system. Mitigating Factors An attacker would have no way to force users to visit a specially crafted website. The vulnerability cannot be exploited automatically through . MS13-044: Vulnerability in Microsoft Visio Could Allow Information Disclosure ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Information DisclosureCooperatively Disclosed Affected ProductsWindows Essentials 2011 and Windows Essentials 2012 on all supported versions of Windows Client. Affected ComponentsWriter Deployment Priority3 Main TargetSystems with Windows Writer Possible Attack Vectors An attacker would have to host a website and convince a user to click on a specially crafted URL in order to exploit this vulnerability. Impact of Attack An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system. Mitigating Factors An attacker would have no way to force users to visit these websites. Additional Information There is no update available for Windows Essentials This update is available through the Windows Essentials page. MS13-045: Vulnerability in Windows Essentials Could Allow Information Disclosure ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important 22 Elevation of PrivilegeCooperatively Disclosed CVE NA 1 CVE Affected Products Windows XP, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT Affected ComponentsKernel-Mode Driver Deployment Priority2 Main TargetWorkstations and Terminal Servers Possible Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system then run a specially crafted application designed to increase privileges. (All CVEs) Impact of Attack An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory. (CVE ) An attacker could gain elevated privileges and cause system instability. (CVE ) An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE ) Mitigating Factors An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (All CVEs) Additional Information This update is available via Windows Update. For some products, this update is for DiD only. For more information, please refer to the update. MS13-046: Vulnerability in Kernel-Mode Drivers Could Allow Elevation of Privilege ( )

Microsoft Security Advisory ( ): Update Rollup for ActiveX Kill Bits - Microsoft is releasing a new set of ActiveX kill bits with this advisory. Microsoft Security Advisory ( ): Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution - This advisory addresses a security vulnerability that only affects x64-based versions of the Malware Protection Engine.

Microsoft Security Advisory ( ): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 ⁻ On May 14, 2013, Microsoft released an update ( ) for all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14.

Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store.

Other Update Information

During this release Microsoft will increase detection capability for the following families in the MSRT: ₋WIN32/Fakdef: A family of trojans that displays fake warnings of "malicious programs and viruses", and tells you that they need to pay money to register the software to remove these non-existent threats. WIN32/Fakdef ₋WIN32/Vicenor: A family of trojans that launch a Bitcoin mining utility on your computer. WIN32/Vicenor ₋WIN32/Kexqoud: A family of trojans that use your computer without your consent to generate digital currency, also known as Bitcoins. WIN32/Kexqoud Available as a priority update through Windows Update or Microsoft Update. Offered through WSUS 3.0 or as a download at:

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. Register for next month’s webcast at: