April 9 Patch Tuesday Fixes Surface Wi-Fi, 14 Other Vulnerabilities in Microsoft Products

Microsoft updates Surface RT and Surface Pro and fixes 14 vulnerabilities in Windows, Internet Explorer, Antimalware Client, Office, and Server Software. KB2839011 addresses the infinite reboot issue. An update addresses Flash Player in IE10 on Windows 8. Update Rollup 5 is available for OpsMgr 2012.

For April Patch Tuesday, Microsoft released nine bulletins, two Critical-class and seven Important-class, addressing vulnerabilities in Windows, Internet Explorer, Microsoft Antimalware Client, Office, and Server Software.

MS13-028 resolves two issues in Internet Explorer, both of which could allow remote code execution if a customer views a specially crafted webpage using the browser.

This security update is rated Critical for IE6, 7, 8, 9, and IE10 on Windows clients and Moderate for IE6, 7, 8, 9, and IE10 on Windows servers.

"The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user," informs Microsoft.

Additionally, an update addressing vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8 has also been released.

MS13-029 resolves an issue in the Windows Remote Desktop Client ActiveX control.

"The vulnerability could allow remote code execution if an attacker convinces a customer to view a website containing specially crafted content that exploits the vulnerability," MSRC adds.

Microsoft has issued a new round of updates for the Surface tablet, trying to address the limited Wi-Fi connectivity bug that has been reported for the past four months or so.

Finally, Microsoft has also released firmware updates to Surface RT and Surface Pro to fix the Wi-Fi issue. So all Surface RT users should now be able to browse the Internet freely via a wireless network connection.

According to Microsoft's Surface RT Update History page, the fixes include:

  • "Certain "Limited" connectivity issues resolved
  • Improves Wi-Fi to handle a wide range of access points
  • Resolves system crashes caused by certain Wi-Fi issues
  • Resolves an issue with on screen touch navigation in the UEFI boot menu
  • Resolves some Surface Type and Touch cover connectivity issues
  • Support for 106/109 keyboards on North American Surface devices
  • Resolves an issue where toggling airplane mode would disable the Wi-Fi driver," informs Microsoft.

For a quick summary of the April 9 Patch Tuesday release, watch the bulletin overview video below:

Figure: April 9 Microsoft Patch Tuesday deployment priority guidance chart

Figure: April 9 Microsoft Patch Tuesday severity and exploitability index chart

In addition, Microsoft also released Update Rollup 5 for System Center 2012 that fixes Operations Manager 2012 (OpsMgr 2012) issues, including:

  • "Solaris agent could run out of file descriptors when many multi-version file systems (MVFS) are mounted.
  • Logical and physical disks are not discoverable on AIX-based computers when a disk device file is contained in a subdirectory.
  • Rules and monitors that were created by using the UNIX/Linux Shell Command templates do not contain overridable ShellCommand and Timeout parameters.
  • Process monitors that were created by using the UNIX/Linux Process Monitoring template cannot save in an existing management pack that has conflicting references to library management packs.
  • Linux agent cannot install on a CentOS or Oracle Linux host by using the FIPS version of OpenSSL 0.9.8," informs Microsoft.

For more details and the download, see KB2822776 - Description of Update Rollup 5 for System Center 2012: http://support.microsoft.com/kb/2822776.

Update 04/12: The KB2823324 update, which caused an infinite reboot loop for some Windows 7 users, has been updated today to fix the continuous reboot loop error.

According to Microsoft, the problem was caused by a compatibility error with Kaspersky security products.

"After you install security update 2823324, Kaspersky Anti-Virus for Windows Workstations or Kaspersky Anti-Virus for Windows Servers versions and may display an error message that resembles the following: Your license is not valid," Microsoft confirmed in a statement.

Those affected need to uninstall the security update 2823324 if it is already installed. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall.

Update Rollup 2 for Microsoft System Center 2012 Service Pack 1 (SP1) is now available and includes the updates for OpsMgr 2012 SP1.

You can get all the details and a download link via KB2802159 - Description of Update Rollup 2 for System Center 2012 Service Pack 1.