Spyware, Viruses, & Security forum

Alert

Microsoft Security Bulletin Summary for October 2013

by Carol~ Forum moderator / October 8, 2013 4:09 AM PDT

Published : October 08, 2013

Microsoft released 8 new security updates today, as part of their routine monthly security update cycle. Four (4) are rated Critical and four (4) rated as Important. They address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight.

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 4

MS13-080 - Cumulative Security Update for Internet Explorer (2879017)
MS13-081 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
MS13-082 - Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
MS13-083 - Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)

Important: 4

MS13-084 - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
MS13-085 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
MS13-086 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
MS13-087 - Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms13-oct

* * * * * * * * * * * * * * *

For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-080, MS13-081, and MS13-083.

MS13-080 | Cumulative Security Update for Internet Explorer
This security update resolves 10 issues in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer, as described in Microsoft Security Advisory 2887505. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. All but one of these issues were privately disclosed.

MS13-081 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
This security update resolves seven issues in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views a malicious webpage with specially crafted OpenType fonts. This release also addresses vulnerabilities that could allow elevation of privilege if an attacker gains access to a system, in some cases physical access to a USB port is required. These issues were privately reported and we have not detected any attacks or customer impact.

MS13-083 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
This security update resolves one issue in Microsoft Windows. The vulnerability could allow remote code execution if an affected system is accessible via an ASP.NET web application and can receive a specifically crafted request. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. This issue was privately reported and we have not detected any attacks or customer impact.

Security Advisory 2862973 Update for MD5 Certificates
We would like to remind customers of the Update for MD5 Certificates that was released in August 2013 and will be released through Microsoft Update in February 2014. This update affects applications and services using certificates with the MD5 hashing algorithm. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. This will apply only to certificates utilized for server authentication, code signing and time stamping. These applications and services will no longer trust certificates utilizing MD5.

http://blogs.technet.com/b/msrc/archive/2013/10/08/the-october-2013-security-updates.aspx
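The MD5 reminder above raises a practical question: which certificates on a machine are still signed with MD5 and carry one of the three affected usages? The PowerShell below is an added example, not part of the original post or of Microsoft's advisory. The function name `Get-Md5SignedCertificate` and the default store paths are assumptions, and the script does not check whether a certificate chains to a root in the Microsoft root certificate program.

```powershell
# Added example: list certificates whose own signature uses MD5 (md5RSA).
# OID of md5WithRSAEncryption; matching on the OID avoids localized friendly names.
$Md5RsaOid = '1.2.840.113549.1.1.4'

# EKU OIDs for the three usages the advisory names.
$EkuOfInterest = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.3' = 'Code Signing'
    '1.3.6.1.5.5.7.3.8' = 'Time Stamping'
}

function Get-Md5SignedCertificate {   # hypothetical helper name
    param(
        # Stores to inspect; these defaults are an assumption, adjust as needed.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )
    foreach ($path in $StorePath) {
        $certs = Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }
        foreach ($cert in $certs) {
            if ($cert.SignatureAlgorithm.Value -ne $Md5RsaOid) { continue }

            $eku = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            if ($eku) {
                $usages = @($eku.EnhancedKeyUsages |
                    Where-Object { $EkuOfInterest.ContainsKey($_.Value) } |
                    ForEach-Object { $EkuOfInterest[$_.Value] })
                # EKU present but none of the three usages: outside the advisory's scope.
                if ($usages.Count -eq 0) { continue }
            } else {
                # No EKU extension means the certificate is not restricted to any usage.
                $usages = @('Any (no EKU extension)')
            }

            [pscustomobject]@{
                Store      = $path
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                NotAfter   = $cert.NotAfter
                Usages     = $usages -join ', '
                Thumbprint = $cert.Thumbprint
            }
        }
    }
}

Get-Md5SignedCertificate | Format-Table -AutoSize
```

An empty result means no certificate in the inspected stores is MD5-signed with an affected usage; other stores can be passed through `-StorePath`.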

Unusual NET Framework Update AFTER Normal Updates-WinXP
by Grif Thomas Forum moderator / October 8, 2013 10:22 AM PDT

It's an interesting group of Windows Updates this month, and I needed to run a second Windows Updates scan to get them all.

Checking on a couple of Windows XP machines here which all have NET Framework 2.0, 3.0, 3.5 SP1, and 4.0 installed and updated fully.. During the normal manual scanning of Windows Updates, there were six separate updates to the various versions of NET Framework mentioned; three updates to NET 4.0 and one each to 2.0, 3.0, and 3.5 SP1 respectively. In addition, there were a number of security updates to Windows, Internet Explorer, and Office.. About 19 in all on these XP computers. All downloaded correctly, then installed correctly, as well.. A restart was required and was performed.

Here's where it got unusual. After the restart, and because there have been some hinky things found lately upon secondary update scans, I performed a second update scan on both machines.. After the scan, on both XP machines here, a single update appeared that was NOT on the original set of updates.. It was listed as "Microsoft NET Framework 3.5 SP1 and NET Framework 3.5 Family Update for NET versions 2.0 through 3.5 (KB951847)" and was one of those updates which requires itself to be installed "stand-alone" BEFORE anything else is added. A quick check of KB951847 seems to show an older update, basically information about Service Pack 1 for NET 3.5, with nothing new added. The article has a "Last Reviewed" date from August 2011 and Service Pack 1 was originally released in 2008. Strange.

But I went ahead and installed the update and it downloaded and installed successfully.. Although no restart was required, I restarted the computers anyway.. The restart went fine and afterward, I ran a third update scan on both machines and no further updates came up.. Clearly, since this appears to be a "roll up" type of update, there must have been some sort of fix for something .NET related, but it surely isn't clear, and at this point, I'm unable to find a manual download which could be installed offline on stand-alone machines.

No real problems here, just a twist in the monthly updates scheme for those who may not be watching.

Hope this helps.

Grif

KB 2862330 Security Update for Windows 7 64-bit
by michhala / October 12, 2013 8:38 PM PDT

Grif --Just finished installing October's Updates. Again, as in August Updates, I had one Important update on the list unchecked which I did not install. A Google Search reported problems with this update KB2862330......another case of an update being "throttled".

Did you or anyone else have this update on their Important list and if so was it checked or unchecked?

My thanks......Miki
Windows 7 64-bit Home Premium

Re: KB2862330
by Kees_B Forum moderator / October 12, 2013 9:12 PM PDT

With me this update was done automatically last Wednesday without any issue.

Kees

(NT) Thank you, Kees, for your reply.
by michhala / October 13, 2013 7:25 AM PDT
In reply to: Re: KB2862330
I've Installed KB2862330 On Three Win7 Machines So Far...
by Grif Thomas Forum moderator / October 13, 2013 2:44 AM PDT

....and it installed correctly and has caused no problems.. All computers here were Win7 SP1 64 bit.

A little strange though regarding it being "unchecked" vs "Checked".. On two of the computers, both having AMD processors, the "Important" box was UNCHECKED. So, I manually placed the check mark in the box on both machines, and installed the update... On one of the computers, a desktop with an Intel processor, the box was CHECKED. I'm not sure why, but that's what I had here.. Either way, the installations caused no problems and the computers have run fine..

In fact one of the computers, my daughter's machine, had received an iTunes update and the update brought Conduit and Sweetpacks malware along with it.. Apparently, iTunes is sending adware with its updates now.. As a result of seeing the junk on her machine, I needed to clean up the computer before installing the Windows Updates. It took a little more time but things went well and the machine's running cleaner now.

Hope this helps.

Grif

Grif, appreciate you and your reply
by michhala / October 13, 2013 7:23 AM PDT

Well, I guess it is up to me to decide whether or not to check the box and allow the KB2862330 to install or to hide it. Since it is a single download, I can always remove it, I suppose.

My heart momentarily stopped when I read about your daughter's iTunes update bringing along Conduit and Sweetpacks. Had to do a Search to find out what they were. I recently installed an iTunes upgrade but could not find either malware on my IE9 toolbar.....if they were on my computer, am I correct in thinking that is where they would be? I do not make much use of iTunes other than to use it to back up my iPhone as a second backup to iCloud.

My thanks for your help
Miki

Just A Note About KB2862330....
by Grif Thomas Forum moderator / October 13, 2013 11:35 AM PDT

Please check the Knowledgebase link below regarding the "Known Issues with this Security Updates"..

http://support.microsoft.com/kb/2862330

Just me thinking out loud here, but since the update is related to USB drivers update, if you decide to run the update, make sure you unplug any unnecessary USB devices before running it. All the machines that I've run the update on have NO USB devices attached except for the USB mouse and keyboard. I've also installed the update on a Windows XP SP3 machine and experienced no problems as well.

Hope this helps.

Grif

Grif, thank you.....
by michhala / October 13, 2013 5:18 PM PDT

.........for your thinking out loud post :). At this point, I am not inclined to install the update as I do not think much will be gained by so doing.

I had seen the link you posted and it caused me to decide to keep Microsoft away from my USB drivers as I do standard drivers and trust there is a reason why the Update remains unchecked.

Miki
