Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

MS Security Bulletin Summary - August 2013


  • Please log in to reply
5 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 13 August 2013 - 11:24 AM

FYI...

- https://technet.micr...lletin/ms13-aug
August 13, 2013 - "This bulletin summary lists security bulletins released for August 2013...
(Total of -8-)

Microsoft Security Bulletin MS13-059 - Critical
Cumulative Security Update for Internet Explorer (2862772)
- https://technet.micr...lletin/ms13-059
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-060 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
- https://technet.micr...lletin/ms13-060
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-061 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
- https://technet.micr...lletin/ms13-061
Critical - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS13-062 - Important
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
- https://technet.micr...lletin/ms13-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-063 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
- https://technet.micr...lletin/ms13-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-064 - Important
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
- https://technet.micr...lletin/ms13-064
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-065 - Important
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
- https://technet.micr...lletin/ms13-065
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-066 - Important
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure
- https://technet.micr...lletin/ms13-066
Important - Information Disclosure - May require restart - Microsoft Windows
___

MS13-052: Vulnerabilities in .NET Framework and Silverlight could allow remote code execution
- https://support.micr....com/kb/2861561
August 13, 2013 This security update has been re-released and contains some updated articles. We recommend that you apply this updated security update.
Last Review: August 13, 2013 - Revision: 5.0
- https://technet.micr...lletin/MS13-052
Updated: August 13, 2013

MS13-057: Description of the security update for Windows Media Format Runtime 9 and 9.5 (wmvdmod.dll), and for Windows Media Player 11 and 12
- http://support.micro...b;en-us;2803821
"... issue resolved for Win7 and Win Svr 2008R2...
re-released version of security update 2803821 - August 13, 2013..."
Last Review: August 13, 2013 - Revision: 8.0
- https://technet.micr...lletin/MS13-057
Updated: August 13, 2013
___

- http://blogs.technet...Redirected=true

Bulletin Deployment Priority
- https://blogs.techne...13-DP-Slide.PNG

Severity and Exploitability Index
- https://blogs.techne...nd-XI-Slide.PNG
___

ISC Analysis
- https://isc.sans.edu...l?storyid=16358
Last Updated: 2013-08-13 17:28:40

- http://www.theinquir...er-and-exchange
Aug 14 2013 - "... MS13-059 fixes 11 vulnerabilities in all versions of IE from IE6 to IE10... two patches for address space layout randomisation (ALSR) bypasses this month in MS13-059 for IE and MS13-063 in the Windows kernel..."
___

- https://secunia.com/advisories/53998/ - MS13-059
- https://secunia.com/advisories/54364/ - MS13-060
- https://secunia.com/advisories/54392/ - MS13-061
- https://secunia.com/advisories/54394/ - MS13-062
- https://secunia.com/advisories/54406/ - MS13-063
- https://secunia.com/advisories/54420/ - MS13-064
- https://secunia.com/advisories/54440/ - MS13-065
- https://secunia.com/advisories/54459/ - MS13-066
___

MSRT
- https://support.micr...om/?kbid=890830
August 13, 2013 - Revision: 125.0

- http://www.microsoft...e-families.aspx
"... list includes every major virus and worm family the tool provides detection and cleaning capabilities for since its initial release on January 11, 2005..."

Download:
- https://www.microsof...ol-details.aspx
Windows-KB890830-V5.3.exe
Windows Malicious Software Removal Tool x64:
Windows-KB890830-x64-V5.3.exe

.

Edited by AplusWebMaster, 14 August 2013 - 08:33 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 14 August 2013 - 08:18 PM

FYI...

MS13-061 rescinded ...
- https://blogs.techne...Redirected=true
14 Aug 2013 - "Late last night we became aware of an issue with MS13-061 security update for Exchange Server 2013. Specifically, after the installation of the security update, the Content Index for mailbox databases shows as Failed and the Microsoft Exchange Search Host Controller service is renamed. For those that have already installed the MS13-061 security update for Exchange Server 2013, we already have KB 2879739* that provides the steps on how to resolve this issue. However, due to this issue and that it affects all Mailbox server installations, we have decided to pull the MS13-061 security update temporarily.
Note: This issue does not occur in Exchange 2010 or Exchange 2007. You can proceed with testing and deploying Exchange 2007 SP3 RU11, Exchange 2010 SP2 RU7, and Exchange 2010 SP3 RU2.
Recommendation: If you have already installed MS13-061 security update on your Exchange 2013 servers, we recommend following the steps in KB 2879739 to resolve the issue. If you have not installed MS13-061 security update on your Exchange 2013 servers, we recommend not proceeding with the update at this time..."

Update 2874216 breaks the content index in Exchange Server 2013
* https://support.micr....com/kb/2879739 - MS13-061
Last Review: August 20, 2013 - Revision: 5.0 <<
Applies to:
- Microsoft Exchange Server 2013 Enterprise
- Microsoft Exchange Server 2013 Standard

:ph34r:

Edited by AplusWebMaster, 21 August 2013 - 06:23 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 15 August 2013 - 08:56 AM

FYI...

MS botches six Windows patches in latest Automatic Update
Microsoft acknowledges it has problems with KB 2876063, KB 2859537, KB 2873872, KB 2843638, KB 2843639, and KB 2868846 -- all released earlier this week
- http://www.infoworld...c-update-224988
August 15, 2013 (Details at the URL above)
___

KB 2876063
- http://support.micro....com/kb/2876063 - MS13-061
Last Review: August 14, 2013 - Revision: 2.0
KB 2859537
- http://support.micro....com/kb/2859537 - MS13-063
Last Review: August 16, 2013 - Revision: 3.0 <<
KB 2873872
- http://support.micro....com/kb/2873872 - MS13-066
Last Review: August 19, 2013 - Revision: 4.0 <<
KB 2843638
- http://support.micro....com/kb/2843638 - MS13-066
Last Review: August 19, 2013 - Revision: 7.0 <<
KB 2843639
- http://support.micro....com/kb/2843639 - MS13-066
Last Review: August 19, 2013 - Revision: 9.0 <<
KB 2868846
- http://support.micro....com/kb/2868846 - MS13-066
Last Review: August 19, 2013 - Revision: 8.0 <<
___

- https://technet.micr...lletin/ms13-061
V2.0 (August 14, 2013): Rereleased bulletin to remove the 2874216 updates for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2 to address an issue with the updates. See the Update FAQ for details.

- https://technet.micr...lletin/ms13-063
V1.1 (August 14, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".

- https://technet.micr...lletin/ms13-066
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.

Important Announcement: AD FS 2.0 and MS13-066
- https://blogs.techne...Redirected=true
Update (8/19/13): We have republished MS13-066 with a corrected version of the hotfixes that contributed to this problem. If you had held off on installing the update, it should be safe to install on all of your ADFS servers now.
The updated security bulletin is here:
- http://technet.micro...lletin/MS13-066

- http://support.micro....com/kb/2843638
Last Review: August 19, 2013 - Revision: 7.0 <<

- http://support.micro....com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0 <<

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 19 August 2013 - 09:56 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 19 August 2013 - 04:34 PM

FYI...

MS13-066 re-released
- https://technet.micr...lletin/ms13-066
Updated: August 19, 2013 - "... Update FAQ: Why was this bulletin rereleased on August 19, 2013?
Microsoft rereleased this bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. The rereleased update addresses an issue in the original offerings that caused AD FS to stop working if the previously released RU3 rollup QFE (update 2790338) had not been installed; the rerelease removes this requirement. Furthermore, in creating this rerelease, Microsoft has consolidated the fixes contained in the two original updates (2843638 and 2843639) into a single 2843638 update. Customers who already installed the original updates will be reoffered the 2843638 update and are encouraged to apply it at the earliest opportunity. Note that when the installation is complete, customers will see only the 2843638 update in the list of installed updates."
V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. See the Update FAQ for details.

- https://support.micr....com/kb/2873872
Last Review: August 19, 2013 - Revision: 4.0

- https://support.micr....com/kb/2843638
Last Review: August 23, 2013 - Revision: 8.0

- https://support.micr....com/kb/2843639
Last Review: August 19, 2013 - Revision: 9.0

:ph34r: :ph34r:

Edited by AplusWebMaster, 29 August 2013 - 11:22 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 23 August 2013 - 12:10 PM

FYI...

MS13-063 KB2859537 ...
- http://www.infoworld...-2859537-225314
Aug 21, 2013 - "... Microsoft published a "Known issues" paragraph in the KB 2859537* Knowledge Base article, but it hadn't pulled the patch. As of this morning, the patch is no longer being offered (it's -unchecked- in the Automatic Update list), and the Known issues paragraph has been modified a bit... Since MS13-063 is a Windows Kernel update - always problematic, reaching into the inner sanctum - a lot of people have reported problems... Microsoft is interested in 0xc0000005 crashes, even if (especially if) you thought you had a genuine copy of Windows 7 or Vista..."

- https://technet.micr...lletin/ms13-063
Updated: August 14, 2013

* https://support.micr....com/kb/2859537
Last Review: August 16, 2013 - Revision: 3.0

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 27 August 2013 - 03:25 PM

FYI...

MS releases revisions to existing Updates
- https://isc.sans.edu...l?storyid=16448
Last Updated: 2013-08-27 20:49:12 - "... patches have undergone signficant revision according to Microsoft. The following patches were updated today by Microsoft, and are set to roll in the automatic updates:

* MS13 - July 2013 / MS13-057 - Critical
- https://technet.micr...lletin/ms13-jul
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-057, bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates that apply to their systems. See the bulletin for details.
- https://technet.micr...lletin/ms13-057
V3.0 (August 27, 2013): Bulletin revised to rerelease security update 2803821 for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008; security update 2834902 for Windows XP and Windows Server 2003; security update 2834903 for Windows XP; security update 2834904 for Windows XP and Windows Server 2003; and security update 2834905 for Windows XP. Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 customers should install the rereleased updates. See the Update FAQ for more information.

* MS13 - August 2013 / MS13-061 - Critical
- https://technet.micr...lletin/ms13-aug
Updated: Tuesday, August 27, 2013
V3.0 (August 27, 2013): For MS13-061, bulletin revised to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the bulletin for details.
- https://technet.micr...lletin/ms13-061
V3.0 (August 27, 2013): Rereleased bulletin to announce the reoffering of the 2874216 update for Microsoft Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange Server 2013 Cumulative Update 2. See the Update FAQ for details.
___

Office 2010 update
- https://support.micr...b/2825640/en-us
Last Review: August 27, 2013 - Revision: 1.0 - "... This update fixes some issues that occur when you install Service Pack 2 (SP2) for Office 2010. Additionally, this update contains stability and performance improvements..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 28 August 2013 - 05:49 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users