Spyware, Viruses, & Security forum

Alert

Microsoft Security Bulletin Summary for April 2013

by Carol~ Forum moderator / April 9, 2013 3:35 AM PDT
Microsoft Security Bulletin Summary for April 2013

Published: Tuesday, April 09, 2013

Microsoft released 9 new security updates today, as part of their routine monthly security update cycle. As indicated below, Two (2) are identified as critical and Seven (7) as Important. They address 14 vulnerabilities in Tools Microsoft Windows, Internet Explorer, Microsoft Antimalware Client, Office, and Server Software.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 2

MS13-028 - Cumulative Security Update for Internet Explorer (2817183)
MS13-029 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

Important: 7

MS13-030 - Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
MS13-031 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
MS13-032 - Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
MS13-033 - Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
MS13-034 - Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
MS13-035 - Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
MS13-036 - Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

Security Bulletin : http://technet.microsoft.com/en-us/security/bulletin/ms13-apr

* * * * * * * * * * * * * * * *

For those who need to prioritize deployment, Microsoft recommends focusing on MS13-028 and MS13-029 first.

MS13-028 (Microsoft Internet Explorer)
This security update resolves two issues in Internet Explorer, both of which could allow remote code execution if a customer views a specially crafted webpage using the browser. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user. Both of these issues were privately disclosed and we have not detected any attacks or customer impact.

MS13-029 (Windows Remote Desktop Client)
This security update resolves an issue in the Windows Remote Desktop Client ActiveX control. The vulnerability could allow remote code execution if an attacker convinces a customer to view a website containing specially crafted content that exploits the vulnerability. This issue was privately reported and we have not detected any attacks or customer impact.

A video summarizing today's releases can be found here:
http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx
Post a reply
Discussion is locked
You are posting a reply to: Microsoft Security Bulletin Summary for April 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Microsoft Security Bulletin Summary for April 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Blue-Screen-after-applying-April 9 2013 update
by bus / April 10, 2013 8:39 PM PDT

This update caused a BSD on a Vista 32-bit computer. One of my vista computers did this BSD out of my group of three. The other 2 were fine. In my case the hard drive was no longer recognized "disk boot failure". The drive had to be removed and bench tested via another Vista computer. Drive was found to be functional by viewing and performing quick defrag all via USB cable system which allowed the drive to be accessed externally. Drive was placed back in computer and still got "disk boot failure". Managed to get safe mode via pounding on "F8" key while booting. After reboot into normal mode computer was stable but AV and Microsoft update were broken. Used a restore point that was earlier than this update and then had to reinstall AV. Did update package and KB2808735 failed. KB2808735 had to be downloaded manually before installed. It took 2 reboots and then having Microsoft update check for update manually before all updates were installed successfully. This process was done over a 6 hour period and maybe Microsoft did a fix in the background. Saw one post on net for win7 having this kind of issue with this update package.. Has anyone else had trouble with this update?

Collapse -
Thus far..
by Carol~ Forum moderator / April 11, 2013 12:37 AM PDT

bus..

Outside of the same post you (probably) saw, I'm only aware of two unconfirmed reports thus far. Both are in Brazil. And both Win7 users. There may be more. As stated, it's the only two that I'm aware of.

Give it a little time. I'm sure if it's problematic .. more will surface.

Carol

Collapse -
Are you using Kaspersky A/V?
by Carol~ Forum moderator / April 11, 2013 6:40 AM PDT
In reply to: Thus far..
Collapse -
I have Avast
by bus / April 11, 2013 10:59 AM PDT

But the Kaspersky link you gave tells about "Your license is not valid. Protection disabled." Which is what happened with Avast also. This tells me that my problems were most likely due to this update package. Too many dots are connecting for me not to believe this. Hope this info helps anyone else who is having problems with this update package. Thanks for the follow up.

Collapse -
KB2808735 ?
by michhala / April 13, 2013 8:16 AM PDT
In reply to: Thus far..

Hi Carol -- have not yet installed updates....I always wait to see reports here before so doing. KB2823324 is not on my Windows Update list. That said, is there any problem with KB2808735 ?

Miki
Windows 7 Home Premium 64-bit

Collapse -
Miki, Not Carol, But I've Not Seen Any Issues With That One
by Grif Thomas Forum moderator / April 13, 2013 9:45 AM PDT
In reply to: KB2808735 ?

At least here, I've got it installed on a couple of XP computers plus a number of Windows 7 machines.. No problems so far and Microsoft has not issued any "uninstall" notices regarding 2808735 that I've seen. So my path is to install 2898735, but leave 2823324 uninstalled for the moment.

Hope this helps.

Grif

Collapse -
Thank you, thank you, Grif
by michhala / April 13, 2013 12:01 PM PDT

I shall follow your path....will install KB2808735.......will not install KB2823324 (it is not included on my Windows Update list).

So appreciate your help, Grif......Miki

Collapse -
Miki .. Only an added note regarding KB2808735
by Carol~ Forum moderator / April 14, 2013 6:53 AM PDT
In reply to: KB2808735 ?

The third paragraph in Dustin Child's blog post, "KB2839011 Released to Address Security Bulletin Update Issue" was corrected to now read:

'Update 2823324 addresses a Moderate-level vulnerability that requires an attacker to have physical computer access to exploit. The other security update provided in security bulletin MS13-036, 2808735, continues to be available for download for all affected platforms and is being pushed via updates to help protect customers against other issues - the bulletin no longer contains the affected update.'

He edited what he originally wrote (including the reference to 2808735) since the time I posted it at the Windows 7 forum. I'm glad I kept my working copy. Otherwise, I'd be questioning my sanity right about now. Happy

As Grif, I haven't read of any issues with 2808735.

Carol

Collapse -
My thanks, Carol
by michhala / April 14, 2013 8:21 AM PDT

Appreciate your updating me...it definitely IS enough to make one crazy. Happy This is the second Windows Update in a row that contained a problematic update.

Please know that I have checked the "thumbs up" several times....it is not working as usual -- instead of a checkmark, I am gifted with a fleeting message notifying me that it will appear shortly.

Thank you, again.....Miki

Collapse -
I do not have the link info but here
by bus / April 11, 2013 11:10 AM PDT

A friend found this message at Microsoft

"Known issues with this security update
Microsoft is investigating behavior wherein systems may fail to recover from a reboot or applications fails to load after security update 2823324 is applied. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate"

Collapse -
The Microsoft Link..
by Carol~ Forum moderator / April 11, 2013 11:50 AM PDT

I posted the Microsoft link earlier in a thread at the Windows 7 forum. I was waiting for a response from you before offering it here.

I presume this is the one you're referring to: http://support.microsoft.com/kb/2823324

Interesting what you write about Avast. Some with the problem are using Kaspersky, while other's are not. I haven't heard the same about Avast (or other A/V's) but it doesn't surprise me.

Thanks for posting back.

Best of luck..
Carol

Collapse -
Thank you for link but I am afraid to remove KB2823324
by bus / April 11, 2013 8:52 PM PDT
In reply to: The Microsoft Link..

The affected computer in this case is running Vista 32-bit. It is being used as a media center for OTA HD TV viewing. I was very dishearten to think it was destroyed by an update package. I'm glad with the help of others to have been able to restore it.

I enjoyed watching my favorite TV shows last night in 5.1 sound via this computer. My cable provider does not provide the quality of these over the air channels unless you pay an additional ten dollars per TV set per month and I doubt the sound quality is included.

At this point I'm afraid to remove the KB2823324 update for fear of loosing the computer again. I'm going to try and see if I can leave it alone. I may try and seek advice directly from Microsoft on this one. I have spent over six hours on this problem so far. The thought of dealing directly with Microsoft on this one computer that is almost ten years old is not a good one. At least it slowed me down and I have not yet updated my win7 computer. I plan to do that later today which should be less problematic since Microsoft has removed KB2823324 links.

Collapse -
KB2839011 Released to Address Security Bulletin Update Issue
by Carol~ Forum moderator / April 12, 2013 12:56 AM PDT

Dusting Childs @ the Microsoft Security Response Center:

We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We've determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed.

Update 2823324 addresses a Moderate-level vulnerability that requires an attacker to have physical computer access to exploit. MS13-036 remains available for download and is being pushed via updates to help protect customers against the other issues documented in the security bulletin - it no longer contains the affected update.

Dustin Childs
Group Manager,Response Communications
Microsoft Trustworthy Computing

http://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx

Collapse -
Update 2823324
by Fish / April 12, 2013 2:15 AM PDT

I have already installed and restarted after this update with no problems.YET!
Scenario's one and two do not pertain to me.
Can I just carry on as is or what? I repeat I have no noticable problems with the update.

Collapse -
><)))o> ... MANY are asking the same question
by Carol~ Forum moderator / April 12, 2013 3:49 AM PDT
In reply to: Update 2823324

MANY are asking the same question. As you know the official response is to uninstall it. Or not to install it, if you haven't done so already. I can only give you my opinion.

If you're not using one of the offending third-party products and you haven't been impacted by the update, I would let it be for now. The decision is still yours to make.

IF I find throughout my travels, that those who chose not to uninstall it are starting to experience problems, I'll be sure to post it.

Thus far, I haven't heard of any who installed the update (without issue) experiencing problems afterwards.

The best I know to tell you..
Carol

Collapse -
Cat ;-0
by Fish / April 12, 2013 10:59 PM PDT

Thank's. I will just hunker down until things settle and see what happens.

Collapse -
(NT) :-D
by Carol~ Forum moderator / April 12, 2013 11:18 PM PDT
In reply to: Cat ;-0
Collapse -
Microsoft Security Bulletin Minor Revision
by Carol~ Forum moderator / April 17, 2013 11:12 PM PDT
Published: Tuesday, April 09, 2013

Updated: Wednesday, April 17, 2013

Version: 2.1

Reason for Revision: V2.1 (April 17, 2013): Added FAQs to provide additional guidance for customers who are having difficulties restarting their systems after installing security update 2823324.

From Updated FAQ:

What if I experienced difficulties restarting my system after installing security update 2823324?

To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324, Microsoft is making available a bootable media ISO image through the Microsoft Download Center (DLC). Customers who cannot successfully restart their systems after applying the 2823324 update can download this image to create a bootable DVD or USB drive with which they can boot their systems, uninstall security update 2823324, and return their systems to a normal operating state. Please see the Microsoft Download Center for additional guidance and to download the ISO.

Microsoft recommends using this ISO image only if customers cannot successfully restart their systems. Customers who can restart normally should not use this ISO image and should instead refer to Microsoft Knowledge Base Article 2839011 for instructions on how to uninstall security update 2823324.

Bulletin: https://technet.microsoft.com/en-us/security/bulletin/ms13-036
Collapse -
New update available for MS13-036
by Carol~ Forum moderator / April 23, 2013 3:37 AM PDT

Dustin Childs @ The Microsoft Security Response Center (MSRC):

23 Apr 2013

Today we released a new update to replace KB2823324, which was originally made available through MS13-036. As we previously discussed, we stopped distributing this update when we learned some customers were having issues. The new update, KB2840149, still addresses the Moderate security issue described in MS13-036, and should not cause these issues.

If you have automatic updates enabled, you won't need to take any actions. For those manually updating, we encourage you to apply this update at your earliest convenience.

http://blogs.technet.com/b/msrc/archive/2013/04/23/new-update-available-for-ms13-036.aspx

Collapse -
Microsoft Security Bulletin MS13-036 Revision | FAQ
by Carol~ Forum moderator / April 23, 2013 10:04 AM PDT
Published: Tuesday, April 09, 2013

Updated: Tuesday, April 23, 2013

Version: 3.0

Reason for Revision: V3.0 (April 23, 2013): Rereleased bulletin to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. See the Update FAQ for details.

Update FAQ:

Why was this bulletin revised on April 23, 2013? What happened to the original 2823324 security update?

To address known issues with security update 2823324, Microsoft rereleased bulletin MS13-036 to replace the 2823324 update with the 2840149 update for NTFS.sys when installed on all affected versions of Microsoft Windows. Security update 2823324 was expired on April 11, 2013. Microsoft strongly recommends that customers with the 2823324 update still installed should uninstall the update prior to applying the 2840149 update. All customers should apply the 2840149 update, which replaces the expired 2823324 update.

I used Microsoft's Repair Disk ISO to boot and remove the 2823324 update. Should I apply the April 23, 2013 rereleased update (2840149)?

Yes. Customers who used the Microsoft Repair Disk ISO, available through the Microsoft Download Center, to return their computers to a normal operating state should apply the 2840149 update.

⇒ I already successfully installed the original 2823324 security update and am not experiencing any difficulties. Should I apply the April 23, 2013 rereleased update (2840149)?⇐

Yes. On April 11, 2013 Microsoft provided guidance that all customers should uninstall security update 2823324, and expired the associated packages. In situations where customers did not uninstall the original update, they should apply the rereleased update (2840149), which replaces the expired 2823324 update. Customers do not need to uninstall the expired 2823324 update before applying the 2840149 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2823324 under installed updates in Control Panel.

I uninstalled the original 2823324 security update. Should I apply the April 23, 2013 rereleased update (2840149)?

Yes. To be protected from CVE-2013-1293, all customers should apply the rereleased update (2840149), which replaces the expired 2823324 update.

For additional information: http://technet.microsoft.com/en-us/security/bulletin/ms13-036
Collapse -
so how do uninstall the expired 2823324 from a Vista 32 bit
by bus / April 24, 2013 9:55 PM PDT

Because I can't find instruction from MS on how to remove the expired 2823324 from my Vista 32 bit computer I decided to just do the correction update but if anyone knows how to remove the expired 2823324 from a Vista 32 bit based computer please provide the link.

Collapse -
If you applied the replaced update..
by Carol~ Forum moderator / April 25, 2013 12:11 AM PDT

bus..

There is no need to remove 2823324, if you already applied the re-released update. Microsoft recommended uninstalling it, only if you hadn't yet installed 2840149.

Read the information included in the above revision where it states:

⇒ I already successfully installed the original 2823324 security update and am not experiencing any difficulties. Should I apply the April 23, 2013 rereleased update (2840149)?⇐

Yes. On April 11, 2013 Microsoft provided guidance that all customers should uninstall security update 2823324, and expired the associated packages. In situations where customers did not uninstall the original update, they should apply the rereleased update (2840149), which replaces the expired 2823324 update. Customers do not need to uninstall the expired 2823324 update before applying the 2840149 update; however, Microsoft strongly recommends it. Customers who do not remove the expired update will retain a listing for 2823324 under installed updates in Control Panel.

Hope this addresses your concerns. If not, let us know.
Carol

Collapse -
replaced update
by 35phyl / April 29, 2013 11:51 AM PDT

Has anyone who installed 2823324, had no problem with it ,left it installed and also installed 2840149 have any problems? I installed 2823324, left it installed, but have been afraid to install 2840149 without hearing from people who have installed the replacement without uninstalling the original update. Thanks for any assurance anyone can give me.

Collapse -
Why Go Against Microsoft's Recommendations?
by Grif Thomas Forum moderator / April 29, 2013 12:40 PM PDT
In reply to: replaced update

"Customers do not need to uninstall the expired 2823324 update before applying the 2840149 update; however, Microsoft strongly recommends it."

On all computers here which had 2823324, we simply uninstalled it and reinstalled the new update.. Since the new version is designed to fix the same vulnerability, why keep a faulty update on the machine?

On my home computers, on which I've disabled autoupdates, I always wait 3 or 4 days till I update them.. In this case, it helped me avoid the problem update and I didn't need to uninstall anything at all.

Hope this helps.

Grif

Collapse -
Fwiw
by bob b / May 1, 2013 9:22 AM PDT
In reply to: replaced update

I installed 324.....the machine worked fine.
I left it installed.

I installed 149......the machine worked fine.
After a few days I uninstalled 324.....the machine worked fine.

So....based on that.
You can uninstall 324 before or after 149 or just leave it installed.
Ymmv.

Collapse -
replaced update
by 35phyl / May 2, 2013 3:23 AM PDT
In reply to: Fwiw

Thank you. I will go ahead and install 149 update.

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Tech for the school year

Smart tech for smart students

Forget the pencils and notebooks. Gear up your students with these portable and powerful note-taking machines.