Microsoft Security Bulletin Summary for September 2013

Sep 10, 2013 3:49AM PDT

Published : September 10, 2013

Microsoft released 13 new security updates today, as part of their routine monthly security update cycle. Four (4) are rated Critical and nine (9) rated as Important. They address 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint.

For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-067, MS13-068, and MS13-069 first. (See below)

Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Critical: 4

MS13-067 - Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
MS13-068 - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
MS13-069 - Cumulative Security Update for Internet Explorer (2870699)
MS13-070 - Vulnerability in OLE Could Allow Remote Code Execution (2876217)

Important: 9

MS13-071 - Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
MS13-072 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
MS13-073 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
MS13-074 - Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
MS13-075 - Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
MS13-076 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
MS13-077 - Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
MS13-078 - Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
MS13-079 - Vulnerability in Active Directory Could Allow Denial of Service (2853587)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

* * * * * * * * * * * * * * * * * * * *

Dustin Childs @ the Microsoft Security Response Center (MSRC):

MS13-068 | Vulnerability in Microsoft Outlook Could Allow Remote Code Execution

In preparing for this month's release, this is the first bulletin that caught my attention, and it likely caught yours as well. This privately reported issue could allow remote code execution if an email carrying a specially crafted S/MIME certificate is viewed or previewed on an affected system. As detailed in the SRD Blog, creating S/MIME certificates is trivial, but creating the specific one in the precise manner needed to execute code will be difficult. Still, the possibility is there and that is why we listed this update as our highest priority for this month. We have not detected any active attacks here and if you have automatic updating enabled, you won't need to take any action to be protected from this issue.

MS13-069 | Cumulative Security Update for Internet Explorer

This security update resolves 10 issues in all supported versions of Internet Explorer. All 10 were privately disclosed and we have not detected any active attacks for anything addressed by the bulletin. All CVEs are caused by the browser improperly accessing an object in memory. If you visit a specially crafted website with an affected system, an attacker could execute arbitrary code in the context of the current user. This security update is rated Critical for all versions of Internet Explorer.

MS13-067 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution

This update for SharePoint Servers also addresses 10 issues, but here, only CVE-2013-1330 is Critical. While CVE-2013-3180, an Important-rated issue, was publicly disclosed, we have not detected any active attacks involving any of these issues. For the one Critical CVE here, an attacker could send specially crafted content to an affected server. After a failure to properly validate the input, the attacker could then execute code on the system in the context of the W3WP service account. SharePoint Server 2013 is not affected by this Critical issue.

http://blogs.technet.com/b/msrc/archive/2013/09/10/lovely-tokens-and-the-september-2013-security-updates.aspx

A Few Updates Are Not Appearing As Installed...MS Fault
Sep 10, 2013 10:19AM PDT

A few of the updates, although they appear to download and install correctly, if you run a second scan at the Windows Update site, or if you check again on Automatic Updates, they pop up again as if they need to be reinstalled. Here, there were three: KB2810048, KB2760588, and KB2760411, all for MS Office but on Windows XP AND Windows 7 computers. A quick check of the internet shows that almost all folks are having the same issue on all relevant operating systems. See the link below:

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f

http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/on-xp-pro-kb2760411-kb2760588-and-kb2810048-will/354cf9ff-dd70-4cd6-875d-734f816ee577

Running a few tests to see if I could fix the issue, I uninstalled the updates from a couple of computers, downloaded the offline installation files, then ran the installation offline. I also uninstalled the offending updates but let the Windows Update site re-install the updates. Nothing worked and, as the discussion at the websites above suggests, it appears like the fault is Microsoft's. I'll guess they will fix the problem or re-release a "fixed" version of the update at a later time.

Hope this helps.

Grif

Same here
Sep 11, 2013 5:13AM PDT

and same 3 updates.

I have hidden the latest available updates for now and am awaiting further news.

Mark

(NT) Thank you...It helps.....a lot :)
Sep 11, 2013 6:33AM PDT

Microsoft Talks About The Problem In Their KB Article
Sep 12, 2013 3:03AM PDT

Thanks for the info, Grif
Sep 12, 2013 6:46AM PDT

Hi Grif -- I will be dancing in your city for a few days and have not yet done any of the updates. However, I notice I have 24 Important updates (169.1MB -- that's a lot of updates) and an optional one for driver.....first time ever receiving a driver update from Windows Updates for my Dell Studio XPS 8100 -- usually updated them from Dell.....

The new links you posted are support for MS13-072 and MS13-073 and you mentioned three in your OP.
When I get back to my computer in a few days, I will make decisions of what to download from my list of updates, and exclude the three you mentioned.....the problems are with the individual updates and not the entire Windows Update release, yes?

As always, my thanks.......Miki

Don't accept ...
Sep 12, 2013 6:54AM PDT

Windows drivers Miki.

Dafydd.

My thanks, Dafydd.....
Sep 12, 2013 10:20AM PDT

Appreciate your post...and to know that I am on the right track :)

Miki

Agreed...Don't Update Drivers From Windows Updates
Sep 12, 2013 8:42AM PDT

But the other important and critical updates should be fine.

As to the three I mentioned earlier, and whether you should install them, or not, unfortunately, Microsoft has given no instructions as to whether the problem updates are simply a detection/recognition problem or whether the updates are "bad". In other words, although the problem updates have been installed by many, they aren't recommending they be uninstalled. Instead, they simply leave the point moot.

Just my opinion here, but since all my machines have installed those particular updates, I'm leaving them installed, thinking the vulnerability is therefore patched. Microsoft should fix the detection/recognition problem soon, which should then cause them to be re-released, or possibly they'll be detected correctly by the Windows Updates system.

It's up to you.

Hope this helps.

Grif

Appreciate your reply re drivers, Grif
Sep 12, 2013 10:18AM PDT

I was not planning to update drivers from Windows Updates, but, as usual, I needed confirmation that I was doing the right thing :)

I will wait another week or so before confronting my 24 updates (mostly for Microsoft Office 2010 Home and Business). Hopefully more info will be released.

You are always helpful......Miki

Sorted
Sep 13, 2013 7:03PM PDT
Note This issue is resolved by a detection change released September 13, 2013. This change did not affect the updated files. This change only affects the way that we offer the updates to customers. Customers who have successfully installed the update do not have to take any action.

Checked Windows Update and the problematic hidden updates were no longer there.
:)

Yep, same here
Sep 13, 2013 8:21PM PDT

I tried to restore the hidden updates but they are no longer listed.

Mark

Yep, Same Here, Too....
Sep 15, 2013 12:13AM PDT

I updated a couple of new computers and the updates did not return. Both have Windows 7 and Office 2007 installed. Likewise, a previously updated WinXP computer, with Office 2003 and the Office 2007 Compatibility Pack, no longer shows the relevant updates as being needed. Yay.

Hope this helps.

Grif

(NT) Now I can Update with peace of mind :)
Sep 15, 2013 9:56PM PDT

I always wait a month to do updates
Sep 12, 2013 7:18AM PDT

from MS. They just can't seem to get it right. I really don't use Windows anymore anyway

Thanks for your reply
Sep 12, 2013 10:29AM PDT

itsdigger -- I wait about a week or two to install Windows Updates after their release. During that time, I check back several times on this forum to see if any problems have been reported.

Miki

Microsoft Security Advisory (2887505)
Sep 17, 2013 8:07AM PDT

Dustin Childs @ the Microsoft Security Response Center (MSRC):

Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message. Running modern versions of Internet Explorer ensures that customers receive the benefit of additional security features that can help prevent successful attacks.

While we are actively working to develop a security update to address this issue, we encourage Internet Explorer customers concerned with the risk associated with this vulnerability, to deploy the following workarounds and mitigations from the advisory:

• Apply the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," that prevents exploitation of this issue

See Microsoft Knowledge Base Article 2887505 to use the automated Microsoft Fix it solution to enable or disable this workaround.

• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones

This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

As a best practice, we always encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.

We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our customers.

http://blogs.technet.com/b/msrc/archive/2013/09/17/microsoft-releases-security-advisory-2887505.aspx
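
An added example, not part of the original post or of the advisory: a read-only PowerShell check of whether the zone workarounds listed above are in effect on a machine. The registry paths, the action value 1400 (Active Scripting) and the level value 0x12000 (High) are the standard Internet Explorer security-zone settings, assumed here rather than quoted from the advisory.

```powershell
# Added example: read-only audit of the zone workarounds from Security Advisory 2887505.
# Assumed (standard IE security-zone registry layout, not quoted from the advisory):
#   zone 1 = Local intranet, zone 3 = Internet; value "1400" = Active Scripting
#   (0 enable, 1 prompt, 3 disable); CurrentLevel 0x12000 = "High".
# Requires PowerShell 3.0 or later for [pscustomobject].
$Zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Scripting = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$HighLevel = 0x12000
$Sources = @(
    @{ Name = 'Machine policy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' },
    @{ Name = 'User policy';    Path = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' },
    @{ Name = 'User setting';   Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' }
)

function Get-ZoneWorkaroundStatus {
    foreach ($source in $Sources) {
        foreach ($id in ($Zones.Keys | Sort-Object)) {
            $key   = Join-Path $source.Path "$id"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }   # zone key absent at this location

            $raw   = $props.'1400'               # Active Scripting action
            $level = $props.CurrentLevel         # zone security level
            if ($null -eq $raw) {
                $state = '(not set here)'
            } elseif ($Scripting.ContainsKey([int]$raw)) {
                $state = $Scripting[[int]$raw]
            } else {
                $state = "Unknown ($raw)"
            }

            [pscustomobject]@{
                Source             = $source.Name
                Zone               = $Zones[$id]
                ActiveScripting    = $state
                ZoneLevelHigh      = ($level -eq $HighLevel)
                # Either workaround counts: zone at High, or scripting set to prompt/disable.
                WorkaroundInEffect = ($level -eq $HighLevel) -or (@(1, 3) -contains $raw)
            }
        }
    }
}

Get-ZoneWorkaroundStatus | Format-Table -AutoSize
```

The script only reports what is stored at each location; it does not resolve which location takes precedence when policy and user settings disagree.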

Thank you, Carol
Sep 17, 2013 2:50PM PDT

This looks mighty complicated to me, and I wonder just how many readers will adhere to Microsoft's security suggestions.

Miki
Internet Explorer 9

(NT) Would this be a good time to install IE10?
Sep 17, 2013 3:18PM PDT

I believe so..
Sep 18, 2013 3:40AM PDT

Hi Miki..

Due to "extenuating circumstances", I've been offline for the better part of a week. And will continue to be so (sporadically) for a short while. My apologies for not getting back to you regarding the updates. (My thanks to Grif as always)

With that being said.........

I think now would be an excellent time to install IE10. Especially so, if you're using IE as your default browser. IE10 affords you additional security. But keep in mind, while Microsoft mentions (limited) attacks directed at IE 8 & 9, all versions are (potentially) vulnerable. Just my opinion.

Applying the Fix It solution is up to you. My opinion? IF you're using IE as your default browser, I would either temporarily switch to another browser, or apply the interim patch. If you run into problems, you're given the option to reverse / disable the workaround.

As far as your questioning how many will apply it. I haven't been online long enough to find out. :(

Carol

OT: Did you read the email (Dear Mr. Ballmer) Susan Bradley sent to Steve Ballmer?

Carol -- thank you for.....
Sep 18, 2013 3:16PM PDT

.....the Susan Bradley link to Steve Ballmer. She always offers us great and helpful information.....and thank you also for your suggestions.

Miki

It's Up To You, But IE10 Is Still Affected By This Issue
Sep 18, 2013 3:43AM PDT

I am not inclined to upgrade to IE10
Sep 18, 2013 3:26PM PDT

Grif -- I am always the very last to upgrade to a new browser version. Actually, I would like to know if anyone is taking any or all of the suggestions contained in the Microsoft Security Advisory (2887505). I tend to wait for a patch.

Miki
IE9

(NT) I'm Using A Different Browser & I'll Wait For The Patch
Sep 19, 2013 3:15AM PDT

(NT) Grif--thank you for your reply
Sep 19, 2013 6:42AM PDT