Microsoft Security Bulletin Summary for September 2013

by Carol~ Forum moderator / September 10, 2013 3:49 AM PDT

Published : September 10, 2013

Microsoft released 13 new security updates today, as part of their routine monthly security update cycle. Four (4) are rated Critical and nine (9) rated as Important. They address 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint.

For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-067, MS13-068, and MS13-069 first. (See below)

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 4

MS13-067 - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
MS13-068 - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
MS13-069 - Cumulative Security Update for Internet Explorer (2870699)
MS13-070 - Vulnerability in OLE Could Allow Remote Code Execution (2876217)

Important: 9

MS13-071 - Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
MS13-072 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
MS13-073 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
MS13-074 - Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
MS13-075 - Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
MS13-076 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
MS13-077 - Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
MS13-078 - Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
MS13-079 - Vulnerability in Active Directory Could Allow Denial of Service (2853587)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

* * * * * * * * * * * * * * * * * * * *

Dustin Childs @ the Microsoft Security Response Center (MSRC):

MS13-068 | Vulnerability in Microsoft Outlook Could Allow Remote Code Execution

In preparing for this month's release, this is the first bulletin that caught my attention, and it likely caught yours as well. This privately reported issue could allow remote code execution if an email carrying a specially crafted S/MIME certificate is viewed or previewed on an affected system. As detailed in the SRD Blog, creating S/MIME certificates is trivial, but creating the specific one in the precise manner needed to execute code will be difficult. Still, the possibility is there and that is why we listed this update as our highest priority for this month. We have not detected any active attacks here and if you have automatic updating enabled, you won't need to take any action to be protected from this issue.

MS13-069 | Cumulative Security Update for Internet Explorer

This security update resolves 10 issues in all supported versions of Internet Explorer. All 10 were privately disclosed and we have not detected any active attacks for anything addressed by the bulletin. All CVEs are caused by the browser improperly accessing an object in memory. If you visit a specially crafted website with an affected system, an attacker could execute arbitrary code in the context of the current user. This security update is rated Critical for all versions of Internet Explorer.

MS13-067 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

This update for SharePoint Servers also addresses 10 issues, but here, only CVE-2013-1330 is Critical. While CVE-2013-3180, an Important-rated issue, was publicly disclosed, we have not detected any active attacks involving any of these issues. For the one Critical CVE here, an attacker could send specially crafted content to an affected server. After a failure to properly validate the input, the attacker could then execute code on the system in the context of the W3WP service account. SharePoint Server 2013 is not affected by this Critical issue.

http://blogs.technet.com/b/msrc/archive/2013/09/10/lovely-tokens-and-the-september-2013-security-updates.aspx
A Few Updates Are Not Appearing As Installed...MS Fault
by Grif Thomas Forum moderator / September 10, 2013 10:19 AM PDT

A few of the updates, although they appear to download and install correctly, if you run a second scan at the Windows Update site, or if you check again on Automatic Updates, they pop up again as if they need to be reinstalled. Here, there were three: KB2810048, KB2760588, and KB2760411, all for MS Office but on Windows XP AND Windows 7 computers. A quick check of the internet shows that almost all folks are having the same issue on all relevant operating systems. See the links below:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f

http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/on-xp-pro-kb2760411-kb2760588-and-kb2810048-will/354cf9ff-dd70-4cd6-875d-734f816ee577

Running a few tests to see if I could fix the issue, I uninstalled the updates from a couple of computers, downloaded the offline installation files, then ran the installation offline. I also uninstalled the offending updates but let the Windows Update site re-install the updates. Nothing worked and as the discussion at the websites above suggests, it appears like the fault is Microsoft. I'll guess they will fix the problem or re-release a "fixed" version of the update at a later time.

Hope this helps.

Grif

Same here
by MarkFlax Forum moderator / September 11, 2013 5:13 AM PDT

and same 3 updates.

I have hidden the latest available updates for now and am awaiting further news.

Mark

(NT) Thank you...It helps.....a lot :)
by michhala / September 11, 2013 6:33 AM PDT
Microsoft Talks About The Problem In Their KB Article
by Grif Thomas Forum moderator / September 12, 2013 3:03 AM PDT
Thanks for the info, Grif
by michhala / September 12, 2013 6:46 AM PDT

Hi Grif -- I will be dancing in your city for a few days and have not yet done any of the updates. However, I notice I have 24 Important updates (169.1MB -- that's a lot of updates) and an optional one for a driver.....first time ever receiving a driver update from Windows Updates for my Dell Studio XPS 8100 -- usually updated them from Dell.....

The new links you posted are support for MS13-072 and MS13-073 and you mentioned three in your OP.
When I get back to my computer in a few days, I will make decisions of what to download from my list of updates, and exclude the three you mentioned.....the problems are with the individual updates and not the entire Windows Update release, yes?

As always, my thanks.......Miki

Don't accept ...
by Dafydd Forum moderator / September 12, 2013 6:54 AM PDT

Windows drivers Miki.

Dafydd.

My thanks, Dafydd.....
by michhala / September 12, 2013 10:20 AM PDT
In reply to: Don't accept ...

Appreciate your post...and to know that I am on the right track :)

Miki

Agreed...Don't Update Drivers From Windows Updates
by Grif Thomas Forum moderator / September 12, 2013 8:42 AM PDT

But the other important and critical updates should be fine.

As to the three I mentioned earlier, and whether you should install them, or not, unfortunately, Microsoft has given no instructions as to whether the problem updates are simply a detection/recognition problem or whether the updates are "bad". In other words, although the problem updates have been installed by many, they aren't recommending they be uninstalled. Instead, they simply leave the point moot.

Just my opinion here, but since all my machines have installed those particular updates, I'm leaving them installed, thinking the vulnerability is therefore patched. Microsoft should fix the detection/recognition problem soon, which should then cause them to be re-released, or possibly they'll be detected correctly by the Windows Updates system.

It's up to you.

Hope this helps.

Grif

Appreciate your reply re drivers, Grif
by michhala / September 12, 2013 10:18 AM PDT

I was not planning to update drivers from Windows Updates, but, as usual, I needed confirmation that I was doing the right thing :)

I will wait another week or so before confronting my 24 updates (mostly for Microsoft Office 2010 Home and Business). Hopefully more info will be released.

You are always helpful......Miki

Sorted
by Blue_Zee / September 13, 2013 7:03 PM PDT
Note This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers. Customers who have successfully installed the update do not have to take any action.

Checked Windows Update and the problematic hidden updates were no longer there.
:)
Yep, same here
by MarkFlax Forum moderator / September 13, 2013 8:21 PM PDT
In reply to: Sorted

I tried to restore the hidden updates but they are no longer listed.

Mark

Yep, Same Here, Too....
by Grif Thomas Forum moderator / September 15, 2013 12:13 AM PDT
In reply to: Sorted

I updated a couple of new computers and the updates did not return. Both have Windows 7 and Office 2007 installed. Likewise, a previously updated WinXP computer, with Office 2003 and the Office 2007 Compatibility Pack, no longer shows the relevant updates as being needed. Yay.

Hope this helps.

Grif

(NT) Now I can Update with peace of mind :)
by michhala / September 15, 2013 9:56 PM PDT
I always wait a month to do updates
by itsdigger / September 12, 2013 7:18 AM PDT

from MS. They just can't seem to get it right. I really don't use Windows anymore anyway

Thanks for your reply
by michhala / September 12, 2013 10:29 AM PDT

itsdigger -- I wait about a week or two to install Windows Updates after their release. During that time, I check back several times on this forum to see if any problems have been reported.

Miki

Microsoft Security Advisory (2887505)
by Carol~ Forum moderator / September 17, 2013 8:07 AM PDT

Dustin Childs @ the Microsoft Security Response Center (MSRC):

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks.

While we are actively working to develop a security update to address this issue, we encourage Internet Explorer customers concerned with the risk associated with this vulnerability, to deploy the following workarounds and mitigations from the advisory:

• Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," that prevents exploitation of this issue

See Microsoft Knowledge Base Article 2887505 to use the automated Microsoft Fix it solution to enable or disable this workaround.

• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones

This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

As a best practice, we always encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our customers.

http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-security-advisory-2887505.aspx
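
A read-only check of the two zone-based workarounds listed in the advisory above (High security level, or Active Scripting set to prompt/disabled, in the Internet and local intranet zones). This is an example added here, not code from Microsoft's advisory or from any poster in this thread; it does not check the Fix it shim. It assumes PowerShell 3.0 or later and the standard Internet Explorer zone registry layout, and it treats policy hives as taking precedence over per-user settings.

```powershell
# Added example: read-only audit of the zone workarounds in Advisory 2887505.
# Nothing is modified; values are only read from the IE zone registry store.
$zones  = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$levels = @{ 0 = 'Custom'; 0x10000 = 'Low'; 0x10500 = 'Medium-low'
             0x11000 = 'Medium'; 0x11500 = 'Medium-high'; 0x12000 = 'High' }
$states = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$user   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Assumption: policy hives win over per-user settings; the first hit is reported.
$hives  = "HKLM:\$policy", "HKCU:\$policy", "HKCU:\$user"

function Get-ZoneValue {
    param([int]$Zone, [string]$Name)
    foreach ($base in $hives) {
        $item = Get-ItemProperty -Path "$base\$Zone" -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $base }
        }
    }
    return $null   # value absent in every hive: report it as 'not set'
}

function Test-ZoneWorkaround {
    param([int]$Zone)
    $level   = Get-ZoneValue -Zone $Zone -Name 'CurrentLevel'
    $script  = Get-ZoneValue -Zone $Zone -Name '1400'   # 1400 = Active Scripting
    $activeX = Get-ZoneValue -Zone $Zone -Name '1200'   # 1200 = run ActiveX controls
    $isHigh     = $level  -and $level.Value -eq 0x12000
    $scriptSafe = $script -and ((1, 3) -contains $script.Value)
    [pscustomobject]@{
        Zone            = $zones[$Zone]
        Level           = if ($level)   { $levels[$level.Value] }   else { 'not set' }
        ActiveScripting = if ($script)  { $states[$script.Value] }  else { 'not set' }
        ActiveX         = if ($activeX) { $states[$activeX.Value] } else { 'not set' }
        Source          = if ($script)  { $script.Source } else { 'n/a' }
        WorkaroundMet   = [bool]($isHigh -or $scriptSafe)
    }
}

# One row per zone; WorkaroundMet is False where neither workaround is in place.
$zones.Keys | Sort-Object |
    ForEach-Object { Test-ZoneWorkaround -Zone $_ } |
    Format-Table -AutoSize
```

A blank Level or ActiveX column means the stored value is one the lookup tables above do not name, such as an administrator-approved ActiveX setting.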

Thank you, Carol
by michhala / September 17, 2013 2:50 PM PDT

This looks mighty complicated to me, and I wonder just how many readers will adhere to Microsoft's security suggestions.

Miki
Internet Explorer 9

(NT) Would this be a good time to install IE10?
by michhala / September 17, 2013 3:18 PM PDT
In reply to: Thank you, Carol
I believe so..
by Carol~ Forum moderator / September 18, 2013 3:40 AM PDT

Hi Miki..

Due to "extenuating circumstances", I've been offline for the better part of a week. And will continue to be so (sporadically) for a short while. My apologies for not getting back to you regarding the updates. (My thanks to Grif as always)

With that being said.........

I think now would be an excellent time to install IE10. Especially so, if you're using IE as your default browser. IE10 affords you additional security. But keep in mind, while Microsoft mentions (limited) attacks directed at IE 8 & 9, all versions are (potentially) vulnerable. Just my opinion.

Applying the Fix It solution is up to you. My opinion? IF you're using IE as your default browser, I would either temporarily switch to another browser, or apply the interim patch. If you run into problems, you're given the option to reverse / disable the workaround.

As far as your questioning how many will apply it. I haven't been online long enough to find out. :(

Carol

OT: Did you read the email (Dear Mr. Ballmer) Susan Bradley sent to Steve Ballmer?

Carol -- thank you for.....
by michhala / September 18, 2013 3:16 PM PDT
In reply to: I believe so..

.....the Susan Bradley link to Steve Ballmer. She always offers us great and helpful information.....and thank you also for your suggestions.

Miki

It's Up To You, But IE10 Is Still Affected By This Issue
by Grif Thomas Forum moderator / September 18, 2013 3:43 AM PDT
I am not inclined to upgrade to IE10
by michhala / September 18, 2013 3:26 PM PDT

Grif -- I am always the very last to upgrade to a new browser version. Actually, I would like to know if anyone is taking any or all of the suggestions contained in the Microsoft Security Advisory (2887505). I tend to wait for a patch.

Miki
IE9

(NT) I'm Using A Different Browser & I'll Wait For The Patch
by Grif Thomas Forum moderator / September 19, 2013 3:15 AM PDT
(NT) Grif--thank you for your reply
by michhala / September 19, 2013 6:42 AM PDT