Microsoft security bulletin for September 10 2013

Discussion in 'other security issues & news' started by NICK ADSL UK, Sep 10, 2013.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft security bulletin for September 10 2013
    Note: There may be latency issues due to replication, if the page does not display keep refreshing

    Today Microsoft released the following Security Bulletin(s).
    http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

    Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

    Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

    Bulletin Summary:



    Critical (4)

    Microsoft Security Bulletin MS13-067 - Critical
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
    http://go.microsoft.com/fwlink/?LinkId=293350

    Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
    http://go.microsoft.com/fwlink/?LinkID=307055

    Microsoft Security Bulletin MS13-069 - Critical
    Cumulative Security Update for Internet Explorer (28706990)
    https://technet.microsoft.com/en-us/security/bulletin/ms13-069

    Microsoft Security Bulletin MS13-070 - Critical
    Vulnerability in OLE Could Allow Remote Code Execution (2876217)
    https://technet.microsoft.com/en-us/security/bulletin/ms13-070




    Important (9)

    Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
    http://go.microsoft.com/fwlink/?LinkID=314046

    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
    http://go.microsoft.com/fwlink/?LinkId=299217

    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
    http://go.microsoft.com/fwlink/?LinkId=293351

    Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
    http://go.microsoft.com/fwlink/?LinkId=308989

    Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
    http://go.microsoft.com/fwlink/?LinkId=318022

    Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
    http://go.microsoft.com/fwlink/?LinkID=320624

    Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
    http://go.microsoft.com/fwlink/?LinkID=320630

    Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
    http://go.microsoft.com/fwlink/?LinkId=318021

    Vulnerability in Active Directory Could Allow Denial of Service (2853587)
    http://go.microsoft.com/fwlink/?LinkID=320666
    Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

    If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

    As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

    Security Tool
    Find out if you are missing important Microsoft product updates by using MBSA.
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Webcast: Information about the September 2013 Security Bulletin Release

    Event ID:

    1032557378

    Starts: Wednesday, September 11, 2013 11:00 AM
    Time zone: (GMT-08:00) Pacific Time (US & Canada)
    Duration: 1 hour(s)


    Language(s):

    English.



    Product(s):

    computer security and information security.



    Audience(s):

    IT Decision Maker and IT Manager.


    Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.


    Presented by:

    Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

    and


    Jonathan Ness, Security Development Manager, Microsoft Corporation


    Register now for the September Security Bulletin webcast.
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (2755801)

    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

    Published: Friday, September 21, 2012 | Updated: Tuesday, September 10, 2013

    Version: 15.0


    General Information

    Executive Summary

    Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

    Advisory Details

    Current Update

    Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.
    On September 10, 2013, Microsoft released an update (2880289) for Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-21. For more information about this update, including download links, see Microsoft Knowledge Base Article 2880289.

    Notes The update for Windows RT is available via Windows Update only.
    The update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows RT 8.1 Preview releases, as well as for Internet Explorer 11 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 releases. The update is available via Windows Update.

    http://technet.microsoft.com/en-us/security/advisory/2755801
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Sept 10, 2013

    Summary

    The following bulletins have undergone minor revision increments.
    Please see the bulletins for more details.

    * MS13-068

    Bulletin Information:

    * MS13-068 - Critical
    https://technet.microsoft.com/security/bulletin/ms13-068

    - Reason for Revision: V1.1 (September 10, 2013): Added
    workarounds in the Vulnerability Information section that
    explain how to disable the Reading Pane in Outlook 2007 and
    Outlook 2013.
    - Originally posted: September 10, 2013
    - Updated: September 10, 2013
    - Bulletin Severity Rating: Critical
    - Version: 1.1
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK


    September 2013 Office Update: Targeting and Repeated Offering

    1 day ago

    byThe Microsoft Office Sustained Engineering Team


    Since the shipment of the September 2013 Security Bulletin Release, we have received reports of updates being offered for installation multiple times, or certain cases where updates were not offered via Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

    We have investigated the issue, established the cause, and we have released new updates that will cease the unnecessary re-targeting of the updates or the correct offering of these updates.

    We have received escalations related to targeting for the following KB's.

    MICROSOFT SECURITY BULLETIN MS13-072
    •Security Update for Word 2003 (KB2817682)
    •Security Update for Office 2003 (KB2817474)
    •Security Update for Microsoft Office 2007 suites (KB2760411)
    •Security Update for Microsoft Office 2007 suites (KB2597973)
    •Security Update for Microsoft Office Word 2007 (KB2767773)
    •Security Update for Microsoft Word 2010 (KB2760769)
    •Security Update for Microsoft Office 2010 (KB2767913)
    •Security Update for Word Viewer (KB2817683)
    •Security Update for Microsoft Office 2007 suites (KB2760823)

    MICROSOFT SECURITY BULLETIN MS13-073
    •Security Update for Excel 2003 (KB281004:cool:
    •Security Update for Microsoft Office Excel 2007 (KB2760583)
    •Security Update for Microsoft Excel 2010 (KB2760597)
    •Security Update for Microsoft Excel 2013 (KB2768017)
    •Security Update for Microsoft Office Excel Viewer 2007 (KB2760590)
    •Security Update for Microsoft Office 2007 suites (KB276058:cool:

    Non-Security Updates:
    •Update for Microsoft PowerPoint 2010 (KB2553145)
    •Update for Microsoft PowerPoint Viewer 2010 (KB2553351)

    Please inform us of any other KB's where you are experiencing multiple re-installation offers or missing installations from deployment products.

    http://blogs.technet.com/b/office_sustained_engineering/
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Bulletin Minor Revisions - Sep 13, 2013

    Summary

    The following bulletins have undergone minor revision increments.
    Please see the bulletins for more details.

    * MS13-063
    * MS13-067
    * MS13-072
    * MS13-073
    * MS13-074

    Bulletin Information:

    * MS13-063 - Important

    - »technet.microsoft.com/security/b···ms13-063
    - Reason for Revision: V1.2 (September 13, 2013): Corrected
    update replacement for all affected software excluding Windows XP
    and Windows 8. This is an informational change only.
    - Originally posted: August 13, 2013
    - Updated: September 13, 2013
    - Bulletin Severity Rating: Important
    - Version: 1.2

    * MS13-067 - Critical

    https://technet.microsoft.com/security/bulletin/ms13-063
    - Reason for Revision: V1.2 (September 13, 2013): Revised
    bulletin to announce a detection change for the Excel Services
    on Microsoft SharePoint Server 2007 update (2760589).
    This is a detection change only. There were no changes to
    the update files. Customers who have successfully installed
    the update do not need to take any action.
    - Originally posted: September 10, 2013
    - Updated: September 13, 2013
    - Bulletin Severity Rating: Critical
    - Version: 1.2

    * MS13-072 - Important
    https://technet.microsoft.com/security/bulletin/ms13-067

    - Reason for Revision: V1.1 (September 13, 2013): Revised
    bulletin to announce detection changes for the Microsoft
    Office 2007 update (2760411) and the Microsoft Word 2010
    update (2767913). These are detection changes only. There
    were no changes to the update files. Customers who have
    successfully installed the updates do not need to take
    any action. Also updated the Known Issues entry in the
    Knowledge Base Article section from "Yes" to "None".
    - Originally posted: September 10, 2013
    - Updated: September 13, 2013
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS13-073 - Important
    https://technet.microsoft.com/security/bulletin/ms13-072

    - Reason for Revision: V1.1 (September 13, 2013): Revised
    bulletin to announce detection changes for the Microsoft
    Excel 2003 update (281004:cool:, Microsoft Excel 2007 update
    (2760583), Microsoft Office Excel Viewer update (2760590),
    and Microsoft Office Compatibility Pack update (276058:cool:.
    These are detection changes only. There were no changes
    to the update files. Customers who have successfully
    installed the updates do not need to take any action.
    Also updated the Known Issues entry in the Knowledge
    Base Article section from "Yes" to "None".
    - Originally posted: September 10, 2013
    - Updated: September 13, 2013
    - Bulletin Severity Rating: Important
    - Version: 1.1

    * MS13-074 - Important
    https://technet.microsoft.com/security/bulletin/ms13-073

    - Reason for Revision: V1.1 (September 13, 2013): Revised
    bulletin to announce a detection change for the Microsoft
    Access 2013 (64-bit editions) update (2810009). This is a
    detection change only. There were no changes to the update
    files. Customers who have successfully installed the
    update do not need to take any action.
    - Originally posted: September 10, 2013
    - Updated: September 13, 2013
    - Bulletin Severity Rating: Important
    - Version: 1.1
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Releases Security Advisory 2887505

    http://blogs.technet.com/b/msrc/archive/2013/09/16/microsoft-releases-security-advisory-2887505.aspx
     
Loading...
Thread Status:
Not open for further replies.