Microsoft security bulletin for December 10 2013

Discussion in 'other security issues & news' started by NICK ADSL UK, Dec 10, 2013.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft security bulletin for December 10 2013
    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).


    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:

    http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

    Critical (5)

    Microsoft Security Bulletin MS13-096
    Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-096

    Microsoft Security Bulletin MS13-097
    Cumulative Security Update for Internet Explorer (2898785)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-097

    Microsoft Security Bulletin MS13-098
    Vulnerability in Windows Could Allow Remote Code Execution (2893294)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-098

    Microsoft Security Bulletin MS13-099
    Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (290915:cool:
    http://technet.microsoft.com/en-us/security/bulletin/ms13-099

    Microsoft Security Bulletin MS13-105
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-105





    Important (6)



    Microsoft Security Bulletin MS13-100
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-100

    Microsoft Security Bulletin MS13-101
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-101

    Microsoft Security Bulletin MS13-102
    Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-102

    Microsoft Security Bulletin MS13-103
    Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-103

    Microsoft Security Bulletin MS13-104
    Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
    http://technet.microsoft.com/en-us/security/bulletin/ms13-104

    Microsoft Security Bulletin MS13-106
    Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (290523:cool:
    http://technet.microsoft.com/en-us/security/bulletin/ms13-106

    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Webcast: Information about the December 2013 Security Bulletin Release


    Event ID:

    1032557386


    Starts: Wednesday, December 11, 2013 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)


    Language(s):

    English.


    Product(s):

    computer security and information security.


    Audience(s):

    IT Decision Maker and IT Manager.


    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.


    Presented by:

    Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

    and


    TBD




    Register now for the December Security Bulletin webcast.
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Advisory (2916652)
    Improperly Issued Digital Certificates Could Allow Spoofing

    Published: Monday, December 09, 2013 | Updated: Thursday, December 12, 2013

    Revisions

    V1.0 (December 9, 2013): Advisory published.
    V2.0 (December 12, 2013): Advisory revised to announce the availability of the 2917500 update for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates. The 2917500 update is available via the Microsoft Update service and from the download center. For more information, see the Suggested Actions section of this advisory.

    http://technet.microsoft.com/en-us/security/advisory/2916652
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: December 13, 2013
    ********************************************************************

    Security Advisories Updated or Released Today ==============================================

    * Microsoft Security Advisory (2915720)
    - Title: Changes in Windows Authenticode Signature Verification
    - https://technet.microsoft.com/security/advisory/2915720
    - Revision Note: V1.1 (December 13, 2013): Corrected the registry
    key information in the Test the Improvement to Authenticode
    Signature Verification suggested action. Customers who have
    applied or plan to apply the suggested action should review
    the revised information.
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,218
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions Issued: December 20, 2013

    Summary

    The following bulletins have undergone minor revision increments.
    Please see the bulletins for more details.

    * MS13-096
    * MS13-098

    Bulletin Information:

    * MS13-096 - Critical

    https://technet.microsoft.com/security/bulletin/ms13-096
    - Reason for Revision: V1.2 (December 20, 2013): Revised the
    Based on the configuration of my system, how do I know if my
    system is affected? Update FAQ to include the updates that are
    applicable for each configuration. This is an informational
    change only.
    - Originally posted: December 10, 2013
    - Updated: December 20, 2013
    - Bulletin Severity Rating: Critical
    - Version: 1.2

    * MS13-098 - Critical
    https://technet.microsoft.com/security/bulletin/ms13-098
    - Reason for Revision: V1.2 (December 20, 2013): Updated the
    Known Issues entry in the Knowledge Base Article section
    from "Yes" to "None". Also, added additional information to
    the What does the update do? vulnerability FAQ for
    CVE-2013-3900. These are informational changes only.
    - Originally posted: December 10, 2013
    - Updated: December 20, 2013
    - Bulletin Severity Rating: Critical
    - Version: 1.2
    --
     
Loading...
Thread Status:
Not open for further replies.