To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in Information: - 1 (877) Pin: 3959

Review of March 2013 Bulletin Release Information - Seven New Security Bulletins - One Security Bulletin Re-Release - One Updated Security Advisory - Microsoft Windows Malicious Software Removal Tool Changes to Security Bulletins Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS13-021MS13-022MS MS13-024MS13-025MS13-026MS Internet Explorer Visio SilverlightSharePoint Kernel-Mode Drivers OneNoteOutlook for Mac

Bulletin Deployment Priority

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CVE CVE CVE CVE CVE Critical11Remote Code ExecutionCooperatively Disclosed CVE Critical21Remote Code ExecutionCooperatively Disclosed CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed CVE CriticalNA1Remote Code ExecutionPublicly Disclosed Affected Products IE6 – IE10 on all supported versions of Windows Client (except for IE10 on Windows 7) IE6 – IE10 on all supported versions of Windows Server (except for IE10 on Windows Server 2008 R2 x64) Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. (All CVEs) Impact of AttackAn attacker could gain the same user rights as the current user. (All CVEs) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional InformationInstallations using Server Core are not affected. MS13-021: Cumulative Security Update for Internet Explorer ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical1NARemote Code ExecutionCooperatively Disclosed Affected Products Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported versions of Windows Client (except Windows RT) and Windows Server Affected ComponentsSilverlight Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a website that contains a specially crafted Silverlight application designed to exploit this vulnerability and then convince a user to view the website. The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of AttackAn attacker could gain the same user rights as the current user. Mitigating Factors An attacker cannot force users to visit specially crafted websites. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. Additional Information Microsoft Silverlight build , which was the current build of Microsoft Silverlight when this bulletin was first released, addresses the vulnerability and is not affected. Builds of Microsoft Silverlight previous to are affected. MS13-022: Vulnerability in Silverlight Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA2Remote Code ExecutionCooperatively Disclosed Affected ProductsAll supported editions of Microsoft Visio Viewer 2010 Affected ComponentsVisio Deployment Priority2 Main TargetWorkstations Possible Attack Vectors an attacker could send a specially crafted Visio file to the user and then convince the user to open the file. Web-based: an attacker would have to host a website that contains a specially crafted Visio file that could exploit this vulnerability. In addition, the attacker could take advantage of compromised websites and websites that accept or host user-provided content. Impact of AttackAn attacker could run arbitrary code as the current user. Mitigating Factors By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. An attacker cannot force users to visit specially crafted websites. MS13-023: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA1Elevation of PrivilegeCooperatively Disclosed CVE CVE ImportantNA1Elevation of PrivilegeCooperatively Disclosed CVE ModerateNA3Denial of ServiceCooperatively Disclosed Affected ProductsMicrosoft SharePoint Server 2010Microsoft SharePoint Foundation 2010 Affected ComponentsSharePoint Deployment Priority2 Main TargetServers where SharePoint is installed Possible Attack Vectors An attacker must input a specially crafted URL to a system running an affected version of SharePoint Server. (CVE , CVE , CVE ) A user must visit a specially crafted page usually only available to SharePoint administrators. (CVE ) Impact of Attack An attacker could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. (CVE , CVE , CVE ) An attacker could cause the W3WP process on an affected version of SharePoint Server to terminate, causing the SharePoint site, and any other sites running under that process, to become unavailable until the process is restarted. (CVE ) Mitigating Factors Microsoft has not identified any mitigating factors for these vulnerabilities. (CVE , CVE , CVE ) An attacker would have no way to force users to visit specially crafted websites. (CVE ) Additional Information For supported editions of Microsoft SharePoint Server 2010, in addition to security update package for Microsoft SharePoint 2010 ( ), customers also need to install the security update for Microsoft SharePoint Foundation 2010 ( ) to be protected from the vulnerabilities described in this bulletin. MS13-024: Vulnerabilities in SharePoint Could Allow Elevation of Privilege ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA3Information DisclosureCooperatively Disclosed Affected ProductsMicrosoft OneNote 2010 Affected ComponentsOneNote Deployment Priority3 Main TargetWorkstations Possible Attack Vectors In a web-based attack scenario, an attacker could exploit the vulnerability by convincing a user to open a specially crafted OneNote file. Impact of Attack An attacker could discover sensitive information, such as the username and/or password for configured accounts. Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability. MS13-025: Vulnerability in Microsoft OneNote Could Allow Information Disclosure ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Information DisclosureCooperatively Disclosed Affected ProductsMicrosoft Office 2008 for Mac and Microsoft Office for Mac 2011 Affected ComponentsOutlook for Mac Deployment Priority3 Main Target Workstations running an affected version of Microsoft Outlook for Mac and that have a WebKit browser installed Possible Attack Vectors An attacker could send the user a specially crafted HTML that contains HTML5 content tags and convince the user to preview or open the message. Impact of Attack An attacker could identify that an they sent was rendered in an HTML mail viewer. This could allow the attacker to confirm that the targeted account is valid and that the specially crafted has been read. Mitigating FactorsMicrosoft has not identified any mitigating factors for this vulnerability. MS13-026: Vulnerability in Office Outlook for Mac Could Allow Information Disclosure ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CVE CVE Important11Elevation of PrivilegeCooperatively Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server (except Windows RT) Affected ComponentsKernel-Mode Driver Deployment Priority1 Main TargetWorkstations Possible Attack VectorsAn attacker could exploit the vulnerability by inserting a malicious USB device into the system. Impact of AttackAn attacker could gain elevated privileges and read arbitrary amounts of kernel memory. Mitigating FactorsIn a default scenario, an attacker would require physical access to exploit this vulnerability. Additional InformationInstallations using Server Core are affected. MS13-027: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege ( )

Microsoft Security Bulletin MS13-003: Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege ( ) - Re-released this bulletin to announce availability of an update for Microsoft System Center Operations Manager 2007 Service Pack 1. Customers running Microsoft System Center Operations Manager 2007 Service Pack 1 on 32-bit or x64-based operating systems are encouraged to download and apply the update to their systems. - Microsoft System Center Operations Manager 2007 ServicePack 1 on Itanium-based systems is not affected by the vulnerabilities described in this bulletin.

Microsoft Security Advisory ( ): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - On March 12, 2013, Microsoft released an update (KB ) for all supported editions of Windows 8, Windows Server 2012 and Windows RT. The update addresses the vulnerabilities described in Adobe Security Bulletin APSB13-09.

Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store. 3.Mac is not supported by detection tools.

Other Update Information

During this release, Microsoft will increase/add detection capability for the following families in the MSRT: - Win32/Wecykler: A worm that spreads via removable drives, such as USB sticks. It also terminates some security related processes and logs keystrokes.Win32/Wecykler Available as a priority update through Windows Update or Microsoft Update Offered through WSUS 3.0 or as a download at:

Changes to KB References

Changes to Deployment

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. Register for next month’s webcast at: