{"id":2396,"date":"2013-04-18T00:00:00","date_gmt":"2013-04-18T00:00:00","guid":{"rendered":"http:\/\/otava.test\/april-microsoft-security-updates\/"},"modified":"2013-04-18T00:00:00","modified_gmt":"2013-04-18T00:00:00","slug":"april-microsoft-security-updates","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/","title":{"rendered":"April Microsoft Security Updates"},"content":{"rendered":"<p id=\"internal-source-marker_0.3497912822095266\" dir=\"ltr\">This month there are nine updates within the Microsoft security bulletin. Two are due to remote code execution vulnerabilities, while many of the important-rated patches are due to weaknesses that could allow an elevation of privilege.<\/p>\n<p dir=\"ltr\">The first critical update was a cumulative update for Internet Explorer, resolving two reported vulnerabilities that would have allowed remote code execution. In order for an attacker to exploit this, a user would simply have to view a specially crafted webpage while using Internet Explorer. This update affects Internet Explorer 6 through 10. A full list of the affected softwares and their severity rating can be found <a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/bulletin\/ms13-apr\">on the bulletin<\/a>.<\/p>\n<p dir=\"ltr\">The other critical update is for another remote code execution vulnerability, this time involving Windows Remote Desktop Client. If a user views a specially crafted web page, the attacker has the opportunity to gain the same rights as the user. For both of these updates Microsoft reminded readers that setting up accounts with only as many user rights as necessary can help lower the effects to these types of attacks, as the attacker doesn\u2019t get as many freedoms as if everyone on the system had administrator level access.<\/p>\n<p dir=\"ltr\">Rated \u2018important\u2019, there was a vulnerability for SharePoint servers that could allow information disclosure. In order to exploit this vulnerability, an attacker would have to know the address or location of a specific SharePoint list, and gained access to where the list was maintained. The attacker would also need to get past the authentication requests posed by the site. In order to resolve this issue, the default access controls applied to these lists were altered. This affects supported editions of SharePoint Server 2013.<\/p>\n<p dir=\"ltr\">There was also an important vulnerability patched for Active Directory, where If the attacker sent a specially crafted query to the Lightweight Directory Access Protocol (LDAP) services, it would result in a denial of service. This was due to the way the service was handling LDAP queries, and will require a restart with the patch.<\/p>\n<p dir=\"ltr\">The rest of the updates were for elevation of privilege vulnerabilities. Of note, there was a patch for three vulnerabilities in Microsoft Windows that would allow the elevation of privilege given they have the ability to physically access the computer. After the updates were published by Microsoft and they started being implemented, it was found that this patch was causing system areas. This was caused by the update\u2019s incompatibility with certain third-party software. It was suggested that if the patch was installed, to uninstall. Microsoft also pulled the update from their site in order to get it fixed and republished.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This month there are nine updates within the Microsoft security bulletin. Two are due to remote code execution vulnerabilities, while many of the important-rated patches are due to weaknesses that could allow an elevation of privilege. The first critical update was a cumulative update for Internet Explorer, resolving two reported vulnerabilities that would have allowed remote code execution. In order for an attacker to exploit this, a user would simply have to view a specially crafted webpage while using Internet Explorer. This update affects Internet Explorer 6 through 10. A full list of the affected softwares and their severity rating can be found on the bulletin. The other critical update is for another remote code execution vulnerability, this time involving Windows Remote Desktop Client. If a user views a specially crafted web page, the attacker has the opportunity to gain the same rights as the user. For both of these updates Microsoft reminded readers that setting up accounts with only as many user rights as necessary can help lower the effects to these types of attacks, as the attacker doesn\u2019t get as many freedoms as if everyone on the system had administrator level access. Rated \u2018important\u2019, there was a vulnerability&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[59],"tags":[],"other_category":[],"class_list":["post-2396","post","type-post","status-publish","format-standard","hentry","category-information-technology-tips"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>April Microsoft Security Updates | OTAVA<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"April Microsoft Security Updates\" \/>\n<meta property=\"og:description\" content=\"This month there are nine updates within the Microsoft security bulletin. Two are due to remote code execution vulnerabilities, while many of the important-rated patches are due to weaknesses that could allow an elevation of privilege. The first critical update was a cumulative update for Internet Explorer, resolving two reported vulnerabilities that would have allowed remote code execution. In order for an attacker to exploit this, a user would simply have to view a specially crafted webpage while using Internet Explorer. This update affects Internet Explorer 6 through 10. A full list of the affected softwares and their severity rating can be found on the bulletin. The other critical update is for another remote code execution vulnerability, this time involving Windows Remote Desktop Client. If a user views a specially crafted web page, the attacker has the opportunity to gain the same rights as the user. For both of these updates Microsoft reminded readers that setting up accounts with only as many user rights as necessary can help lower the effects to these types of attacks, as the attacker doesn\u2019t get as many freedoms as if everyone on the system had administrator level access. Rated \u2018important\u2019, there was a vulnerability...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-18T00:00:00+00:00\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"April Microsoft Security Updates\",\"datePublished\":\"2013-04-18T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\"},\"wordCount\":435,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"articleSection\":[\"Information Technology Tips\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\",\"url\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\",\"name\":\"April Microsoft Security Updates | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"datePublished\":\"2013-04-18T00:00:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"April Microsoft Security Updates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"April Microsoft Security Updates | OTAVA","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/","og_locale":"en_US","og_type":"article","og_title":"April Microsoft Security Updates","og_description":"This month there are nine updates within the Microsoft security bulletin. Two are due to remote code execution vulnerabilities, while many of the important-rated patches are due to weaknesses that could allow an elevation of privilege. The first critical update was a cumulative update for Internet Explorer, resolving two reported vulnerabilities that would have allowed remote code execution. In order for an attacker to exploit this, a user would simply have to view a specially crafted webpage while using Internet Explorer. This update affects Internet Explorer 6 through 10. A full list of the affected softwares and their severity rating can be found on the bulletin. The other critical update is for another remote code execution vulnerability, this time involving Windows Remote Desktop Client. If a user views a specially crafted web page, the attacker has the opportunity to gain the same rights as the user. For both of these updates Microsoft reminded readers that setting up accounts with only as many user rights as necessary can help lower the effects to these types of attacks, as the attacker doesn\u2019t get as many freedoms as if everyone on the system had administrator level access. Rated \u2018important\u2019, there was a vulnerability...","og_url":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/","og_site_name":"OTAVA","article_published_time":"2013-04-18T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"April Microsoft Security Updates","datePublished":"2013-04-18T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/"},"wordCount":435,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"articleSection":["Information Technology Tips"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/","url":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/","name":"April Microsoft Security Updates | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2013-04-18T00:00:00+00:00","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/april-microsoft-security-updates\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"April Microsoft Security Updates"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2396"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2396\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2396"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}