Home > Microsoft Security > Microsoft Security Bulletin For August 13 2013

Microsoft Security Bulletin For August 13 2013

This is the monthly release of the latest version and definitions for the MSRT, which checks your computer for specific prevalent malware.Rereleased updates since Patch Tuesday Microsoft has rereleased two updates Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Critical Remote Code ExecutionMay require restartMicrosoft Windows, Microsoft .NET Framework,Microsoft Silverlight MS13-053 Vulnerabilit ies in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851 ) This security update resolves two publicly disclosed get redirected here

TechNet Products Products Windows Windows Server System Center Microsoft Edge   Office Office 365 Exchange Server   SQL Server SharePoint Products Skype for Business See all products » IT Resources Resources Security Strategies and Community Update Management Strategies Security Guidance for Update Management provides additional information about Microsoft’s best-practice recommendations for applying security updates. The vulnerability could allow remote code execution if a user opens a specially crafted media file. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files.

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. You can also subscribe without commenting. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners listed in Microsoft Active Protections Program (MAPP) Partners. This update contains time zone fixes impacting Libya, Israel, Pacific SA, Paraguay, West Asia, and Morocco.

In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation The company has released a total of eight bulletins this time that patch vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer.Three of the bulletins have received a maximum severity Critical Elevation of PrivilegeMay require restartMicrosoft Office, Microsoft Server Software MS13-025 Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)   This security update resolves a privately reported vulnerability in Microsoft OneNote. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. I clicked on "Installed Updates", and they were all there. See Update FAQ for details.Update FAQ:⇒ Why was this bulletin rereleased on August 19, 2013? ⇐Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation useful reference Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.

The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Some software updates may not be detected by these tools. MS13-053 TrueType Font Parsing Vulnerability CVE-2013-3129 1 - Exploit code likely 1 - Exploit code likelyPermanent(None) MS13-053 Win32k Information Disclosure Vulnerability CVE-2013-3167 Not affected 1 - Exploit code likelyPermanentThis is an A restart is required after installation.**KB2767849 – 2007 Office system update: August 13, 2013 (Office 2007).

Other versions are past their support life cycle. https://answers.microsoft.com/en-us/windows/forum/windows_vista-update/microsoft-security-bulletin-for-august-13-2013/02bbd315-5bb4-4b1e-a726-193d5983e61c?page=2 This update is rated important for Windows Server 2012. This update is rated critical XP and Server 2003. MS13-052 Delegate Serialization Vulnerability CVE-2013-3171 3 - Exploit code unlikely 3 - Exploit code unlikelyNot applicable(None) MS13-052 Null Pointer Vulnerability CVE-2013-3178 1 - Exploit code likely 1 - Exploit code likelyNot

Security Advisories and Bulletins Security Bulletin Summaries 2014 2014 MS14-AUG MS14-AUG MS14-AUG MS14-DEC MS14-NOV MS14-OCT MS14-SEP MS14-AUG MS14-JUL MS14-JUN MS14-MAY MS14-APR MS14-MAR MS14-FEB MS14-JAN TOC Collapse the table of content Expand http://img4skype.com/microsoft-security/microsoft-security-bulletin-for-march-12-2013.html Obtaining Other Security Updates Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center. You should review each software program or component listed to see whether any security updates pertain to your installation. We appreciate your feedback.

It addresses eleven different vulnerabilities that stem from the way IE handles objects in memory, some of which allow remote code execution if a specially crafted malicious web page is visited. Microsoft is hosting a webcast to address customer questions on these bulletins on August 14, 2013, at 11:00 AM Pacific Time (US & Canada). Note You may have to install several security updates for a single vulnerability. useful reference It addresses one vulnerability that could reveal information pertaining to the service account used by AD FS leading to attempted logins and denial of service attacks.

Register now for the August Security Bulletin Webcast. Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion This bulletin spans more than one software category  Microsoft Security Software Antispyware Software Bulletin Identifier MS13-058 Aggregate Severity Rating Important Windows Defender for Windows 7 (x86)Windows Defender for Windows 7 (x86) (2847927)(Important)

I clicked on "Installed Updates", and they were all there.

With the release of the security bulletins for August 2013, this bulletin summary replaces the bulletin advance notification originally issued August 8, 2013. The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Windows Vista, a Windows Update, a Microsoft Security Update, or a For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. With the release of the security bulletins for July 2013, this bulletin summary replaces the bulletin advance notification originally issued July 4, 2013.

This bulletin spans more than one software category. By searching using the security bulletin number (such as, "MS13-001"), you can add all of the applicable updates to your basket (including different languages for an update), and download to the It addresses vulnerability by correcting the way that Microsoft Windows handles asynchronous RPC messages. http://img4skype.com/microsoft-security/microsoft-security-bulletin-for-october-8-2013.html Bulletin ID Vulnerability Title CVE ID Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Key Notes MS14-043 CSyncBasePlayer Use After Free Vulnerability

Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of Important Elevation of PrivilegeDoes not require restartMicrosoft Security Software Exploitability Index The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

I realized that today is Update day so I just ran the Fix-It tool, but it found no problems. Note You may have to install several security updates for a single vulnerability. This update is rated critical for client and important for server operating systems and affects all listed versions of the Internet Explorer web browser and all currently supported Windows operating systems MS14-048 OneNote Remote Code Execution Vulnerability CVE-2014-2815 Not Affected 2 - Exploitation Less Likely Not applicable None MS14-049 Windows Installer Repair Vulnerability CVE-2014-1814 2 - Exploitation Less Likely 2 - Exploitation

MS13-022 Silverlight Double Dereference Vulnerability CVE-2013-0074 1 - Exploit code likelyNot applicableNot applicable(None) MS13-023 Visio Viewer Tree Object Type Confusion Vulnerability CVE-2013-0079 Not affected 2 - Exploit code would be difficult The vulnerabilities could not be exploited remotely or by anonymous users. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.

You can find them most easily by doing a keyword search for "security update". Note System Management Server 2003 is out of mainstream support as of January 12, 2010.