Microsoft security bulletin for September 10 2013

Microsoft security bulletin for September 10 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).
http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:



Critical (4)

Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
http://go.microsoft.com/fwlink/?LinkId=293350

Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
http://go.microsoft.com/fwlink/?LinkID=307055

Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (28706990)
https://technet.microsoft.com/en-us/security/bulletin/ms13-069

Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
https://technet.microsoft.com/en-us/security/bulletin/ms13-070




Important (9)

Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
http://go.microsoft.com/fwlink/?LinkID=314046

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
http://go.microsoft.com/fwlink/?LinkId=299217

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
http://go.microsoft.com/fwlink/?LinkId=293351

Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
http://go.microsoft.com/fwlink/?LinkId=308989

Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
http://go.microsoft.com/fwlink/?LinkId=318022

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
http://go.microsoft.com/fwlink/?LinkID=320624

Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
http://go.microsoft.com/fwlink/?LinkID=320630

Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
http://go.microsoft.com/fwlink/?LinkId=318021

Vulnerability in Active Directory Could Allow Denial of Service (2853587)
http://go.microsoft.com/fwlink/?LinkID=320666
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Webcast: Information about the September 2013 Security Bulletin Release

Event ID:

1032557378

Starts: Wednesday, September 11, 2013 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Language(s):

English.



Product(s):

computer security and information security.



Audience(s):

IT Decision Maker and IT Manager.


Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.


Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and


Jonathan Ness, Security Development Manager, Microsoft Corporation


Register now for the September Security Bulletin webcast.

 

Microsoft Security Advisory (2755801)

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Published: Friday, September 21, 2012 | Updated: Tuesday, September 10, 2013

Version: 15.0


General Information

Executive Summary

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

Advisory Details

Current Update

Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.
On September 10, 2013, Microsoft released an update (2880289) for Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-21. For more information about this update, including download links, see Microsoft Knowledge Base Article 2880289.

Notes The update for Windows RT is available via Windows Update only.
The update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows RT 8.1 Preview releases, as well as for Internet Explorer 11 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 releases. The update is available via Windows Update.

http://technet.microsoft.com/en-us/security/advisory/2755801

 

September 2013 Security Release ISO Image

This DVD5 ISO image file contains the security updates for Windows released on Windows Update on September 10, 2013.
http://www.microsoft.com/en-us/download/details.aspx?id=40264&WT.mc_id=rss_windows_allproducts

 

Microsoft Security Bulletin Minor Revisions - Sept 10, 2013

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-068

Bulletin Information:

* MS13-068 - Critical
https://technet.microsoft.com/security/bulletin/ms13-068

- Reason for Revision: V1.1 (September 10, 2013): Added
workarounds in the Vulnerability Information section that
explain how to disable the Reading Pane in Outlook 2007 and
Outlook 2013.
- Originally posted: September 10, 2013
- Updated: September 10, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

 

September 2013 Office Update: Targeting and Repeated Offering

1 day ago

byThe Microsoft Office Sustained Engineering Team


Since the shipment of the September 2013 Security Bulletin Release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.

We have received escalations related to targeting for the following KB's.

MICROSOFT SECURITY BULLETIN MS13-072
•Security Update for Word 2003 (KB2817682)
•Security Update for Office 2003 (KB2817474)
•Security Update for Microsoft Office 2007 suites (KB2760411)
•Security Update for Microsoft Office 2007 suites (KB2597973)
•Security Update for Microsoft Office Word 2007 (KB2767773)
•Security Update for Microsoft Word 2010 (KB2760769)
•Security Update for Microsoft Office 2010 (KB2767913)
•Security Update for Word Viewer (KB2817683)
•Security Update for Microsoft Office 2007 suites (KB2760823)

MICROSOFT SECURITY BULLETIN MS13-073
•Security Update for Excel 2003 (KB281004
•Security Update for Microsoft Office Excel 2007 (KB2760583)
•Security Update for Microsoft Excel 2010 (KB2760597)
•Security Update for Microsoft Excel 2013 (KB2768017)
•Security Update for Microsoft Office Excel Viewer 2007 (KB2760590)
•Security Update for Microsoft Office 2007 suites (KB276058

Non-Security Updates:
•Update for Microsoft PowerPoint 2010 (KB2553145)
•Update for Microsoft PowerPoint Viewer 2010 (KB2553351)

Please inform us of any other KB's where you are experiencing multiple re-installation offers or missing installations from deployment products.

http://blogs.technet.com/b/office_sustained_engineering/

 

Microsoft Security Bulletin Minor Revisions - Sep 13, 2013

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-063
* MS13-067
* MS13-072
* MS13-073
* MS13-074

Bulletin Information:

* MS13-063 - Important

- »technet.microsoft.com/security/b···ms13-063
- Reason for Revision: V1.2 (September 13, 2013): Corrected
update replacement for all affected software excluding Windows XP
and Windows 8. This is an informational change only.
- Originally posted: August 13, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.2

* MS13-067 - Critical

https://technet.microsoft.com/security/bulletin/ms13-063
- Reason for Revision: V1.2 (September 13, 2013): Revised
bulletin to announce a detection change for the Excel Services
on Microsoft SharePoint Server 2007 update (2760589).
This is a detection change only. There were no changes to
the update files. Customers who have successfully installed
the update do not need to take any action.
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS13-072 - Important
https://technet.microsoft.com/security/bulletin/ms13-067

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce detection changes for the Microsoft
Office 2007 update (2760411) and the Microsoft Word 2010
update (2767913). These are detection changes only. There
were no changes to the update files. Customers who have
successfully installed the updates do not need to take
any action. Also updated the Known Issues entry in the
Knowledge Base Article section from "Yes" to "None".
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-073 - Important
https://technet.microsoft.com/security/bulletin/ms13-072

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce detection changes for the Microsoft
Excel 2003 update (281004, Microsoft Excel 2007 update
(2760583), Microsoft Office Excel Viewer update (2760590),
and Microsoft Office Compatibility Pack update (276058.
These are detection changes only. There were no changes
to the update files. Customers who have successfully
installed the updates do not need to take any action.
Also updated the Known Issues entry in the Knowledge
Base Article section from "Yes" to "None".
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-074 - Important
https://technet.microsoft.com/security/bulletin/ms13-073

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce a detection change for the Microsoft
Access 2013 (64-bit editions) update (2810009). This is a
detection change only. There were no changes to the update
files. Customers who have successfully installed the
update do not need to take any action.
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

 

Microsoft Releases Security Advisory 2887505

http://blogs.technet.com/b/msrc/archive/2013/09/16/microsoft-releases-security-advisory-2887505.aspx