Microsoft Security Bulletin Summary for November 2013

by Carol~ Forum moderator / November 12, 2013 2:39 AM PST
Published : November 12, 2013

Microsoft released 8 new security updates today, as part of their routine monthly security update cycle. Three (3) are rated Critical and five (5) rated as Important, addressing 19 unique CVEs in Microsoft Windows, Internet Explorer, and Office.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 3

MS13-088 - Cumulative Security Update for Internet Explorer (2888505)
MS13-089 - Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
MS13-090 - Cumulative Security Update of ActiveX Kill Bits (2900986)

Important: 5

MS13-091 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
MS13-092 - Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
MS13-093 - Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
MS13-094 - Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
MS13-095 - Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms13-nov

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-090, MS13-088, and MS13-089.

MS13-090 | Cumulative Security Update of ActiveX Kill Bits
This update addresses a remote code execution issue in an ActiveX control by providing a kill bit for associated ActiveX controls. We are aware of limited attacks that exploit this issue. The code execution occurs at the level of the logged-on user, so non-admin users would face less of an impact. The remote code execution vulnerability with the higher severity rating is fixed in today's release, and we advise customers to prioritize the deployment of MS13-090 for their monthly release. As usual, customers with Automatic Updates enabled will not need to take any action to receive the update. Additional information about this vulnerability is available on the Security Research & Defense blog.

MS13-088 | Cumulative Update for Internet Explorer
This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.

MS13-089 | Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution
This update addresses one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Last but not least, we are also providing an update for users of DirectAccess (DA) through Security Advisory 2862152. This security feature bypass issue would require a man-in-the-middle attacker to be successful, but if someone can snoop on your DA connection, it's possible they could impersonate a legitimate DA server in order to establish connections with legitimate DA clients. The attacker-controlled system could then intercept the target user's network traffic and potentially determine the encrypted domain credentials. This update, along with the new configuration guidelines available in KB2862152, helps ensure the authenticity of DA connections.

More from Dustin Childs @ the Microsoft Security Response Center: Authenticity and the November 2013 Security Updates