Page 2 of 2
Microsoft also addressed a critical remote code execution vulnerability in Windows Print Spooler that could be exploited by an attacker sending a malicious print job. The attack can be used by an attacker to corrupt memory, execute malicious code and leapfrog to more sensitive systems. In MS13-001, Microsoft said standard firewall configurations helps mitigate the risk posed by the flaw. The security update affects users of Windows 7 and Windows Server 2008.
In addition, Microsoft issued 5 bulletins rated important. Microsoft fixed two vulnerabilities in System Center Operations Manager that could give an attacker elevated privileges. It repaired four flaws in the NET framework and fixed a flaw in the Windows kernel mode driver and an Open Data protocol vulnerability that could be exploited, causing a server or service to stop responding and restart.
Microsoft also addressed a vulnerability in the implementation of SSL/TLS that could allow an attacker to intercept and view encrypted Web traffic handshakes and can be used in man-in-the-middle attacks, VMware's Miller said. The issue is rated important and affects all versions of Windows.
"This is an interesting vulnerability itself but very difficult to exploit," Miller said. "We're talking about very specific configurations or difficult to exploit vulnerabilities."