Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest

Microsoft Patch Tuesday December 2013 - Overview

Matsuda

By Matsuda
in Software News

 Share

Recommended Posts

Matsuda

Matsuda

Posted
Posted

windows8patchtuesday_r1_c1_5.jpg

The last Microsoft patch day of 2013 is here and Microsoft has just pushed the new updates to Windows Update. If you check for new updates right now, your installation of Windows should pick them up and install them if automatic updates are configured.

Microsoft has released a total of 11 security bulletins this month, that patch a total of 24 different vulnerabilities. Five of the bulletins have received the highest severity rating of critical, while the remaining six an important rating.

The information below provide you with all the details that you need to understand, download, and deploy the bulletins to protect affected systems and software.

In particular, you will receive information about the operating system, Office and server distribution of bulletins, a suggested deployment guide, links to each bulletin and non-security updates for additional information, as well as information on how to download and install those updates.

Operating System Distribution

The least affected client operating system are Windows 8, Windows 8.1 and Windows 7 this time with three critical and 1 important bulletin. Windows XP is affected by three critical and two important bulletins, and Vista by four critical bulletins and one important one.

On the server side, Windows Server 2008 R2 and Windows Server 2012 are the least affected with two critical and two important bulletins each. Windows Server 2003 is affected by two critical and three important bulletins, and Windows Server 2008 by three critical and two important bulletins.

  • Windows XP: 3 critical, 2 important
  • Windows Vista: 4 critical, 1 important
  • Windows 7: 3 critical, 1 important
  • Windows 8: 3 critical, 1 important
  • Windows 8.1: 3 critical, 1 important
  • Windows RT: 3 critical, 1 important
  • Windows RT 8.1: 3 critical, 1 important
  • Windows Server 2003: 2 critical, 3 important
  • Windows Server 2008: 3 critical, 2 important
  • Windows Server 2008 R2: 2 critical, 2 important
  • Windows Server 2012: 2 critical, 2 important

Office Distribution

A total of three bulletins address vulnerabilities in Microsoft Office software. This time, Microsoft Office 2013 is the least affected with one bulletin that has been rated important. Then there is Office 2003 with one critical bulletin, and Office 2007 and Office 2010 which are both affected by vulnerabilities in two bulletins rated as critical and important.

  • Microsoft Office 2003: 1 critical
  • Microsoft Office 2007: 1 critical, 1 important
  • Microsoft Office 2010: 1 critical, 1 important
  • Microsoft Office 2013: 1 important

Microsoft Server Software

Two bulletins address vulnerabilities in Microsoft Server this month. The following list details which server products are affected this month, and how severely.

  • Microsoft Exchange Server 2007: 1 critical
  • Microsoft Exchange Server 2010: 1 critical
  • Microsoft Exchange Server 2013: 1 critical
  • Microsoft SharePoint Server 2013: 1 important

Deployment Guide

deployment-priority.jpg

Each month, Microsoft releases a deployment guide that weights the different bulletins in terms of importance. This goes beyond the severity rating of each bulletin, as the company suggests the order of bulletin installation.

While designed for Enterprise customers, system and network administrators in particular, it can also be of use to tech savvy users and others who test bulletins first before they are deployed on live systems.

It should be clear that the deployment priority may change depending on the installed software and system used.

  • Tier 1 updates: MS13-096 GDI+, MS13-097 Internet Explorer, MS13-099 Scripting Runtime
  • Tier 2 updates: MS13-098 Windows, MS13-105 Exchange, MS13-100 SharePoint, MS13-101 KMD, MS13-102 Windows LPC
  • Tier 3 updates: Ms13-103 SignalR, Ms13-104 Office, MS13-106 Office ASLR

Microsoft has released an updated table this month that highlights the Deployment Priority, Severity and XI. In addition to highlighting the bulletins, products and priority, it also highlights the exploit index, maximum impact and disclosure.

Security Bulletins

  • MS13-096Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
  • MS13-097Cumulative Security Update for Internet Explorer (2898785)
  • MS13-098Vulnerability in Windows Could Allow Remote Code Execution (2893294)
  • MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
  • MS13-105Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
  • MS13-100Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
  • MS13-101Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
  • MS13-102Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
  • MS13-103 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
  • MS13-104Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
  • MS13-106 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)

Other security-related information

Security Advisory 2916652 has been released. It describes an update of the Certificate Trust List (CTL) for all supported versions of Windows. A third-party digital certificate that was trusted before has been removed from the list to protect Windows systems against spoofing and man-in-the-middle attacks.

Security Advisory 2905247 describes an issue in ASP.Net that could allow the elevation of privilege. The advisory suggests that administrators harden the security by making configuration changes.

Security Advisory 2871690 notifies customers that an update for Windows 8 and Windows Server 2012 is available that revokes digital signatures for specific UEFI modules.

Security Advisory 2915720 finally informs about a change to how Windows verifies Authenticode-signed binaries.

Non-security related updates

  • Update for Windows 7 and Windows Server 2008 R2 (KB2847077)
  • Update Rollup for Microsoft Windows MultiPoint Server 2012 (KB2864239)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2877213)
  • Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB2891804)
  • Update for Microsoft Camera Codec Pack for Windows 8.1 and Windows RT 8.1 (KB2899189)
  • Update for Microsoft Camera Codec Pack for Windows 8 and Windows RT (KB2899190)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2903938)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2903939)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, and Windows XP (KB2904266)
  • Update for Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB2905454)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2907791)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2907800)
  • Update for Windows 8.1 and Windows RT 8.1 (KB2909569)
  • Update for Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB2913152)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2913253)
  • Update for Windows 8.1 and Windows RT 8.1 (KB2913320)
  • Windows Malicious Software Removal Tool - December 2013 (KB890830)/Windows Malicious Software Removal Tool - December 2013 (KB890830) - Internet Explorer Version
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2889784)
  • Rules Update for Direct Access Best Practice Analyzer for Windows Server 2012 (KB2896496)
  • Update for Windows 8.1 (KB2913236)
  • Language Packs for Windows RT (KB2607607)
  • Language Packs for Windows RT 8.1 (KB2839636)
  • Microsoft .NET Framework 4.5.1 (KB2858725)
  • Microsoft .NET Framework 4.5.1 Upgrade Language Packs (KB2858725)
  • Microsoft .NET Framework 4.5.1 Language Packs for Windows Server 2012 (KB2858726)
  • Microsoft .NET Framework 4.5.1 for Windows Server 2012 x64-based Systems (KB2881468)
  • Rules Update for Direct Access Best Practice Analyzer for Windows Server 2012 (KB2896496)
  • Update for Windows 8.1 (KB2904594)
  • Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)




search_button.gifSource

Link to comment
Share on other sites
  • Replies 4
  • Views 3.1k
  • Created
  • Last Reply

Top Posters In This Topic

  • brain_death

    1

  • Matsuda

    1

  • insanedown58

    1

  • pakura

    1

Popular Days

Top Posters In This Topic

Popular Days

insanedown58

insanedown58

Posted
Posted

This made my 8.1 system unstable. The update made my PC lag to hell as it tries to install it even though its crashing. I'd like to try and fix it but I'm on a dual-boot with Ubuntu so I'm alright. :lol:

Link to comment
Share on other sites
brain_death

brain_death

Posted
Posted (edited)

Four updates not installing for me on Windows 8.1 x64...

KB2893294

KB2893984

KB2898785

KB2903939

All fine on Windows 7 x64!

<_<

=== EDIT ===================

Just down to the last of these now on Windows 8.1, if anyone is interested!

Edited by brain_death
Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...