Dial In Number Pin: 3959 Information About Microsoft’s January 2013 Out-of-Band Security Bulletin Jonathan Ness Security Development Manager Microsoft Corporation Dustin Childs Group Manager, Response Communications Microsoft Corporation

Dial In Number Pin: 3959 What We Will Cover Review of the January 2013 Bulletin Out-Of-Band release information for Security Bulletin MS Review of the January 2013 Bulletin Out-Of-Band release information for Security Bulletin MS Resources.Resources. Questions and answers: Please Submit Now.Questions and answers: Please Submit Now.

Dial In Number Pin: 3959 Severity & Deployment Priority Exploitability Index 1 RISK 2 3 DP 1 Severity CRIT IMPACT IMPORT MOD LOW MS InternetExplorer

Dial In Number Pin: 3959 MS13-008: Security Update for Internet Explorer ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Critical11 Remote Code Execution Publicly disclosed Affected Products Internet Explorer 6, 7, and 8 on all supported versions of Windows Client Internet Explorer 6, 7, and 8 on all supported versions of Windows Server Affected Components Internet Explorer Deployment Priority 1 Main Target Workstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer.An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer. An attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements.An attacker could also take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of Attack An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Mitigating Factors By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone.By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration.By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. An attacker would have no way to force users to view the attacker-controlled content.An attacker would have no way to force users to view the attacker-controlled content. Additional Information This vulnerability was first described in Microsoft Security Advisory This update fully deprecates Security Advisory This vulnerability was first described in Microsoft Security Advisory This update fully deprecates Security Advisory Security Advisory Security Advisory Security Advisory Security Advisory Internet Explorer 9 and 10 are not affected by this vulnerability.Internet Explorer 9 and 10 are not affected by this vulnerability. Customers must have installed the last IE Cumulative Update (MS12-077) prior to installing this update,Customers must have installed the last IE Cumulative Update (MS12-077) prior to installing this update,MS12-077

Dial In Number Pin: 3959 Detection, Deployment, & Additional Information

Dial In Number Pin: 3959 Questions and Answers Submit text questions using the “Ask” button.Submit text questions using the “Ask” button. Don’t forget to fill out the survey.Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog: recording of this webcast will be available within 48 hours on the MSRC Blog: Register for next month’s webcast at: for next month’s webcast at:

Dial In Number Pin: 3959 Resources Blogs Microsoft Security Response Center (MSRC) blog: Security Response Center (MSRC) blog: Security Research & Defense blog: Research & Defense blog: Microsoft Malware Protection Center Blog: Malware Protection Center Blog: Twitter Security Centers Microsoft Security Home Page: Security Home Page: TechNet Security Center: Security Center: MSDN Security Developer Center: us/security/default.aspxMSDN Security Developer Center: us/security/default.aspx us/security/default.aspx us/security/default.aspx Bulletins, Advisories, Notifications & Newsletters Security Bulletins Summary: ary.mspxSecurity Bulletins Summary: ary.mspx ary.mspx ary.mspx Security Bulletins Search: Bulletins Search: Security Advisories: Advisories: Microsoft Technical Security Notifications: mspxMicrosoft Technical Security Notifications: mspx mspx mspx Microsoft Security Newsletter: Security Newsletter: Other Resources Update Management Process e/patchmanagement/secmod193.mspxUpdate Management Process e/patchmanagement/secmod193.mspx e/patchmanagement/secmod193.mspx e/patchmanagement/secmod193.mspx Microsoft Active Protection Program Partners: ners.mspxMicrosoft Active Protection Program Partners: ners.mspx ners.mspx ners.mspx

Dial In Number Pin: 3959