Security Advisory - January 08, 2013
Zscaler Tackles XSS, DoS and Security Feature Bypass Vulnerabilities in January 2013 Microsoft Patch Cycle
Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for the following four vulnerabilities included in the January 2013 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the January release and deploy additional protections as necessary.
MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
Severity: Important
Affected Software
- Microsoft System Center Operations Manager 2007
CVE-2013-0009 - System Center Operations Manager Web Console XSS Vulnerability
CVE-2013-0010 - System Center Operations Manager Web Console XSS Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server.
MS13-007 – Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
Severity: Important
Affected Software
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8
- Windows Server 2012
CVE-2013-0005 - Replace Denial of Service Vulnerability
Description: A vulnerability exists in the OData specification that could allow denial of service.
MS13-006 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
Severity: Important
Affected Software
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8
- Windows Server 2012
- Windows RT
CVE-2013-0013 - Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in the way that Microsoft Windows SSL/TLS (Secure Sockets Layer and Transport Layer Security) handles the SSL version 3 (SSLv3) and TLS protocols.