monthly security bulletin briefing - microsoft › media › tnblogsfs... · 2017-01-30 · monthly...
TRANSCRIPT
1
Monthly Security
Bulletin Briefing
(August 2013)
GBS Security Worldwide Programs
Teresa GhiorzoeSecurity Program Manager LATAM
Blog de Seguridad: :
http://blogs.technet.com/b/seguridad/
Twitter: LATAMSRC
August 2013
Agenda
Other Security Resources• Detection and Deployment
Table
• Product Support Lifecycle Information
• August Release Summary
Appendix• Malicious Software Removal
Tool Updates
• Public Security Bulletin Links
• August Non-Security Updates
New Security
Bulletins
8
GBS Security Worldwide Programs
August Rereleases
Bulletins Advisories
2 1
Critical Important
3 5
New Security Advisories
2
August
2013
Security
Bulletins
Bulletin Impact Component Severity PriorityExploit
IndexPublic
MS13-059 Remote Code Execution Internet Explorer Critical 1 1 No
MS13-060 Remote Code Execution Unicode Scripts Processor Critical 1 2 No
MS13-061 Remote Code Execution Exchange Server Critical 2 2 Yes
MS13-062 Elevation of Privilege Remote Procedure Call Important 2 1 No
MS13-063 Elevation of Privilege Windows Kernel Important 2 1 Yes
MS13-064 Denial of Service Windows NAT Driver Important 3 3 No
MS13-065 Denial of Service ICMPv6 Important 3 3 No
MS13-066 Information DisclosureActive Directory Federation
ServicesImportant 2 3 No
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
GBS Security Worldwide Programs
MS13-059
Cumulative
Security Update
for Internet
Explorer
(2862772)
Affected Software:
IE 6 on Windows XP and Windows Server
2003
IE 7 on Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008
IE 8 on Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008,
Windows 7, and Windows Server 2008 R2
IE 9 on Windows Vista, Windows Server
2008, Windows 7, and Windows Server 2008
R2
IE 10 on Windows 7, Windows Server 2008
R2, Windows 8, Windows Server 2012, and
Windows RT
Severity | Critical
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
1 MS13-055 Yes 3
Restart
Requirement
A restart is
required
Uninstall Support
Use Add or Remove
Programs in Control
Panel
Detection and Deployment
WU MU MBSA WSUS ITMU SCCM1. The MBSA does not support Windows 8, Windows
Server 2012, or Windows RT
2. Windows RT devices can only be serviced with
Windows and Microsoft Update
3. Windows RT devices require update 2808380 to be
installed before WU will offer this security updateYes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
GBS Security Worldwide Programs
MS13-059
Cumulative
Security Update
for Internet
Explorer
(2862772)
Vulnerability Details:
• Nine (9) remote code execution vulnerabilities exist when Internet Explorer improperly accesses an object
in memory. These vulnerabilities may corrupt memory in such a way that an attacker could execute
arbitrary code in the context of the current user.
• An elevation of privilege vulnerability exists in the way that Internet Explorer handles process integrity level
assignment in specific cases.
• An information disclosure vulnerability exists in Internet Explorer that could allow script to perform cross-
site scripting attacks.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
Multiple *
CVE-2013-3186
CVE-2013-3192
Critical
Moderate
Moderate
Remote Code Execution
Elevation of Privilege
Information Disclosure
1
*
*
1
*
*
NA
*
*
No
No
No
No
No
No
None
None
None
Attack Vectors
• A maliciously crafted Web page
• Compromised websites and
websites that accept or host
user-provided content or
advertisements
* CVE-2013-3184 | CVE-2013-3187
CVE-2013-3188 | CVE-2013-3189
CVE-2013-3190 | CVE-2013-3191
CVE-2013-3193 | CVE-2013-3194
CVE-2013-3199
Mitigations
• Users would have to be persuaded
to visit a malicious web site
• Exploitation only gains the same
user rights as the logged on
account
• By default, all Microsoft e-mail
clients open HTML e-mail
messages in the Restricted Sites
zone
• By default, IE runs in a restricted
mode for all Windows Servers
Workarounds
• Set IE security to High for
Internet and Intranet zones
• Configure IE to prompt before
running ActiveX and Active
Scripting
• Microsoft has not identified
any workarounds for CVE-
2013-3186
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-060
Vulnerability in
Unicode Scripts
Processor Could
Allow Remote
Code Execution
(2850869)
Affected Software:
Windows XP (all editions)
Windows Server 2003 (all editions)
Severity | Critical
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
1 MS10-063 None
Restart
Requirement
A restart may be
required
Uninstall Support
Use Add or Remove
Programs in Control
PanelDetection and Deployment
WU MU MBSA WSUS ITMU SCCM
The Unicode Script Processor (USP10.DLL), also
known as Uniscribe, is a collection of APIs that
enables a text layout client to format complex
scripts.
• Uniscribe supports the complex rules found
in scripts such as Arabic, Indian, and Thai.
• Uniscribe also handles scripts written from
right-to-left such as Arabic or Hebrew, and
supports the mixing of scripts.
Yes Yes Yes Yes Yes Yes
GBS Security Worldwide Programs
MS13-060
Vulnerability in
Unicode Scripts
Processor Could
Allow Remote
Code Execution
(2850869)
Vulnerability Details:
• A remote code execution vulnerability exists in the Unicode Script Processor (USP10.DLL), a collection of
APIs that enables a text layout client to format complex scripts, that is included in affected versions of
Microsoft Windows. This vulnerability could allow an attacker to take complete control of an affected
system if a user views a specially crafted website or file.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3181 Critical Remote Code Execution NA 2 T No None None
Attack Vectors
• A maliciously crafted web site
• A maliciously crafted file
Mitigations
• Users would have to be persuaded
to visit a malicious web site
• Exploitation only gains the same
user rights as the logged on
account
Workarounds
• Modify the Access Control List
(ACL) on usp10.dll
• Disable support for parsing
embedded fonts in Internet
Explorer
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-061
Vulnerabilities in
Microsoft
Exchange Server
Could Allow
Remote Code
Execution
(2876063)
Affected Software: Exchange Server 2007 SP3 1
Exchange Server 2010 SP2 & SP3 2
Exchange Server 2013 Cumulative Update 1
or Cumulative Update 2
Severity | Critical
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
2 MS13-012 None
Restart
Requirement
A restart is not
required
Uninstall Support
Use Add or Remove
Programs in Control
PanelDetection and Deployment
WU MU MBSA WSUS ITMU SCCM 1. Releasing as part of Update Rollup 11 for
Exchange Server 2007 SP3
2. Releasing as part of Update Rollup 2 for
Exchange Server 2010 SP3No Yes Yes Yes Yes Yes
GBS Security Worldwide Programs
MS13-061
Vulnerabilities in
Microsoft
Exchange Server
Could Allow
Remote Code
Execution
(2876063)
Vulnerability Details:
• Two vulnerabilities exist in Microsoft Exchange Server through the WebReady Document Viewing feature.
These vulnerabilities could allow an attacker to take complete control of an affected system if a user
previews a specially crafted file from within an OWA session
• A third vulnerability exists in Exchange Server 2013's Data Loss Protection (DLP) feature. This vulnerability
could cause the affected Exchange Server to become unresponsive if a user views a specially crafted file
through Outlook Web Access in a browser.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
Multiple * Critical Remote Code Execution 2 2 P Yes None None
Attack Vectors
• A specially crafted file that is
viewed through Outlook Web
Access (OWA) in a browser
* CVE-2013-2393 | CVE-2013-3776
CVE-2013-3781
Mitigations
• The transcoding service in
Exchange that is used for
WebReady Document Viewing is
running in the LocalService
account, which has minimum
privileges on the local computer
and presents anonymous
credentials on the network
• The Filtering Management
service in Exchange that is used
for Data Loss Prevention is also
running as the LocalService
account
Workarounds
• Disable WebReady document
view
• Disable Data Loss Prevention
(Exchange Server 2013 only)
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-062
Vulnerability in
Remote
Procedure Call
Could Allow
Elevation of
Privilege
(2849470)
Affected Software: Windows XP (all editions)
Windows Server 2003 (all editions)
Windows Vista (all editions)
Windows Server 2008 (all editions)
Windows 7 (all editions)
Windows Server 2008 R2 (all editions)
Windows 8 (all editions)
Windows Server 2012 (all editions)
Windows RT (all editions)
Severity | Important
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
2 MS09-026
MS10-084Yes 3
Restart
Requirement
A restart is
required
Uninstall Support
Use Add or Remove
Programs in Control
PanelDetection and Deployment
WU MU MBSA WSUS ITMU SCCM1. The MBSA does not support Windows 8, Windows
Server 2012, or Windows RT
2. Windows RT devices can only be serviced with
Windows and Microsoft Update
3. Windows RT devices require update 2808380 to be
installed before WU will offer this security updateYes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
GBS Security Worldwide Programs
MS13-062
Vulnerability in
Remote
Procedure Call
Could Allow
Elevation of
Privilege
(2849470)
Vulnerability Details:
• An elevation of privilege vulnerability exists in the way that Windows handles asynchronous RPC requests.
An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete
control of an affected system. An attacker could exploit the vulnerability by making malformed RPC
requests to a shared host.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3175 Important Elevation of Privilege 1 1 NA No None None
Attack Vectors
• Malformed RPC requests
Mitigations
• Microsoft has not identified any
mitigating factors for this
vulnerability
Workarounds
• Microsoft has not identified
any workarounds for this
vulnerability
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-063
Vulnerabilities in
Windows Kernel
Could Allow
Elevation of
Privilege
(2859537)
Affected Software: Windows XP (32-bit editions)
Windows Server 2003 (32-bit editions)
Windows Vista (all editions)
Windows Server 2008 (all editions)
Windows 7 (all editions)
Windows Server 2008 R2 (all editions)
Windows 8 (all 32-bit editions)
Severity | Important
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
2 MS13-031
MS13-048None
Restart
Requirement
A restart is
required
Uninstall Support
Use Add or Remove
Programs in Control
Panel
Detection and Deployment
WU MU MBSA WSUS ITMU SCCM* The Microsoft Baseline Security Analyzer (MBSA)
tool does not support Windows 8 or Windows
Server 2012
Yes Yes Yes * Yes Yes Yes
GBS Security Worldwide Programs
MS13-063
Vulnerabilities in
Windows Kernel
Could Allow
Elevation of
Privilege
(2859537)
Vulnerability Details:• Three (3) elevation of privilege vulnerabilities exist in the Windows kernel due to a memory corruption condition in
the NT Virtual DOS Machine (NTVDM). An attacker who successfully exploited this vulnerability could run arbitrary
code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts
with full user rights.
• A security feature vulnerability exists in Windows due to improper implementation of Address Space Layout
Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature and load a DLL in
a process.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3196
CVE-2013-3197
CVE-2013-3198
CVE-2013-2556
Important
Important
Important
Important
Elevation of Privilege
Elevation of Privilege
Elevation of Privilege
Security Feature Bypass
1
1
1
*
1
1
1
*
P
P
P
NA
No
No
No
Yes
No
No
No
No
None
None
None
None
Attack Vectors• A specially crafted application
• The loading of a malicious DLL
Mitigations• An attacker must have valid logon
credentials and be able to log on
locally to exploit the Elevation of
Privilege vulnerabilities
• 64-bit Windows operating systems
are not affected by the Elevation of
Privilege vulnerabilities
For CVE-2013-2556
• Microsoft has not identified any
workarounds for the Security Feature
Bypass vulnerability
Workarounds• Disable the NTVDM subsystem via
Group Policy
• Disable the NTVDM subsystem via
the Windows Registry
For CVE-2013-2556
• Microsoft has not identified any
workarounds for the Security
Feature Bypass vulnerability
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
GBS Security Worldwide Programs
MS13-064
Vulnerability in
Windows NAT
Driver Could
Allow Denial of
Service
(2849568)
Affected Software:
Windows Server 2012Severity | Important
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
3 None None
Restart
Requirement
A restart is
required
Uninstall Support
Use Add or Remove
Programs in Control
PanelDetection and Deployment
WU MU MBSA WSUS ITMU SCCMMS13-064 and MS13-065 both address
vulnerabilities leveraging ICMP, but the security
updates are not relatedYes Yes No Yes Yes Yes
GBS Security Worldwide Programs
MS13-064
Vulnerability in
Windows NAT
Driver Could
Allow Denial of
Service
(2849568)
Vulnerability Details:
• A denial of service vulnerability exists in the Windows NAT Driver that could cause the target system to
stop responding until restarted, if an unauthenticated attacker sends specially crafted ICMP packets to the
target server.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3182 Important Denial of Service 3 NA P No None None
Attack Vectors
• Specially crafted ICMP packets
Mitigations
• Microsoft has not identified any
mitigating factors for this
vulnerability
Workarounds
• Microsoft has not identified
any workarounds for this
vulnerability
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-065
Vulnerability in
ICMPv6 could
allow Denial of
Service
(2868623)
Affected Software: Windows Vista (all editions)
Windows Server 2008 (all editions)
Windows 7 (all editions)
Windows Server 2008 R2 (all editions)
Windows 8 (all editions)
Windows Server 2012 (all editions)
Windows RT (all editions)
Severity : Important
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
3 MS13-049 Yes 3
Restart
Requirement
A restart is
required
Uninstall Support
Use Add or Remove
Programs in Control
PanelDetection and Deployment
WU MU MBSA WSUS ITMU SCCM
1. The Microsoft Baseline Security Analyzer
(MBSA) tool does not support Windows 8
or Windows Server 2012
2. Windows RT devices can only be serviced
with Windows and Microsoft Update
3. Windows RT devices require update
2808380 to be installed before WU will
offer this security update
Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
GBS Security Worldwide Programs
MS13-065
Vulnerability in
ICMPv6 could
allow Denial of
Service
(2868623)
Vulnerability Details:
A denial of service vulnerability exists in the Windows TCP/IP stack that could cause the target system to stop
responding until restarted, if an unauthenticated attacker sends specially crafted ICMPv6 packets to the target
server. The vulnerability is caused when the TCP/IP stack does not properly allocate memory for incoming
ICMPv6 packets.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3183 Important Denial of Service 3 3 P No None None
Attack Vectors
• Specially crafted ICMPv6
packets
Mitigations
• Firewall best practices and
standard default firewall
configurations can help protect
networks from attacks that
originate outside the enterprise
perimeter.
Workarounds
• Microsoft has not identified
any workarounds for this
vulnerability
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
MS13-066
Vulnerability in
Active Directory
Federation
Services Could
Allow
Information
Disclosure
(2873872)
Affected Software:
Active Directory Federation Services 1.x
• Windows Server 2003 SP2 (32-bit and 64-
bit editions)
• Windows Server 2008 SP2 (32-bit and 64-
bit editions)
• Windows Server 2008 R2 SP1 (64-bit
editions)
Active Directory Federation Services 2.0
• Windows Server 2008 SP2 (32-bit and 64-
bit editions)
• Windows Server 2008 R2 SP1 (64-bit
editions)
Active Directory Federation Services 2.1 on
Windows Server 2012
Severity : Important
Deployment
Priority
Update
Replacement
More Information
and / or
Known Issues
2 None Yes 1
Restart
Requirement
A restart may be
required
Uninstall Support
Use Add or Remove
Programs in Control
Panel
Detection and Deployment
WU MU MBSA WSUS ITMU SCCM• After you install this security update, you
must edit the Clientlogon.aspx page (ADFS
1.x) or the FormsSignIn.aspx page (ADFS 2.0
and 2.1) to add the text "autocomplete=off"
for the Username and Password text boxes
to manually complete the installation.
• The MBSA does not support Windows
Server 2012
Yes Yes Yes 2 Yes Yes Yes
GBS Security Worldwide Programs
MS13-066
Vulnerability in
Active Directory
Federation
Services Could
Allow
Information
Disclosure
(2873872)
Vulnerability Details:
An information disclosure vulnerability exists in Active Directory Federation Services (AD FS) that could allow
the unintentional disclosure of account information. An attacker who successfully exploited this vulnerability
could reveal information pertaining to the service account used by AD FS. An attacker could then attempt
logons from outside the corporate network, which would result in account lockout of the service account
used by AD FS if an account lockout policy has been configured. This would result in denial of service for all
applications relying on the AD FS instance.
CVE Severity Impact XI Latest XI Legacy XI DoS Public Exploited Advisory
CVE-2013-3185 Important Information Disclosure 3 3 T No None None
Attack Vectors
• Maliciously crafted ADFS
queries through an open
endpoint
Mitigations
• Microsoft has not identified any
mitigating factors for this
vulnerability
Workarounds
• Microsoft has not identified
any workarounds for this
vulnerability
GBS Security Worldwide Programs
Exploitability Index: 1 - Exploit code likely | 2 - Exploit code difficult | 3 - Exploit code unlikely | NA - Not Affected | * - Not Rated
DoS Rating: T = Temporary (DoS ends when an attack ceases) | P = Permanent (Administrative action required to recover)
Security
Bulletin
Rereleases
GBS Security Worldwide Programs
MS13-052 Vulnerabilities in .NET Framework
and Silverlight Could Allow Remote Code
Execution This bulletin has been revised to rerelease the 2840628, 2840632,
2840642, 2844285, 2844286, 2844287, and 2844289 updates
The new updates address a SharePoint and a .NET Framework 4
application issue as described in KB2872441 and KB2872041
Critical
• Customers should
install the rereleased
updates that apply to
their systems
Critical MS13-057 Vulnerability in Windows Media
Format Runtime Could Allow Remote Code
Execution The rereleased update addresses an application compatibility issue in
which WMV encoded video could fail to properly render during playback
Customers who have already installed the original 2803821 update are
protected from CVE-2013-3127. However, customers need to install the
rereleased 2803821 to avoid the playback issues that some customers are
experiencing and that are addressed by the rerelease.
• Windows 7 and
Windows Server
2008 R2 customers
should install the
rereleased updates
that apply to their
systems
New Security
Advisories
GBS Security Worldwide Programs
Security Advisory (2861855)Updates to Improve Remote Desktop Protocol Network-level
Authentication
Microsoft is announcing the availability of updates as part of ongoing efforts to improve Network-
level Authentication in RDP
This update (2861855) applies to all supported editions of Windows Vista, Windows Server 2008,
Windows 7, and Windows Server 2008 R2.
Microsoft will continue to announce additional updates via this advisory, all aimed at bolstering the
effectiveness of security controls in Windows.
Security Advisory (2862973)Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root
Certificate Program
Microsoft is announcing the availability of an update that restricts the use of certificates with MD5
hashes.
Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform
phishing attacks, or man-in-the-middle attacks.
This update (2862973) applies to all supported editions of Windows Vista, Windows Server 2008,
Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
Note that the 2862966 update is a prerequisite and must be installed before this update can be installed.
Security
Advisory
Rerelease
GBS Security Worldwide Programs
Security Advisory (2854544)Update to Improve Cryptography and Digital Certificate
Handling in Windows
Microsoft is releasing a new update (2862966) to provide a
framework to help improve management of certificates with
RSA keys that use specific cryptographic algorithms in
Windows
This update does not restrict the use of certificates by itself,
but may be a prerequisite for later updates that do restrict
the use of certificates
Update 2862966 applies
to all supported editions
of
Windows Vista,
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows RT
• Microsoft also released an advisory update (2862973) for all supported editions of Windows
Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows
Server 2012, and Windows RT.
The update restricts the use of certificates with RSA keys that use the MD5 cryptographic
hashing algorithm.
At this time the update is available only from the Download Center for all affected software.
Microsoft recommends that customers download, test and apply the update at the earliest
opportunity.
August 2013
Manageability
Tools
Reference
BulletinWindows
Update
Microsoft
UpdateMBSA WSUS SMS ITMU SCCM
MS13-059 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
MS13-060 Yes Yes Yes Yes Yes Yes
MS13-061 No Yes Yes Yes Yes Yes
MS13-062 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
MS13-063 Yes Yes Yes 1 Yes Yes Yes
MS13-064 Yes Yes Yes 1 Yes Yes Yes
MS13-065 Yes Yes Yes 1 | 2 Yes 2 Yes 2 Yes 2
MS13-066 Yes Yes Yes 1 Yes Yes Yes
1. The Microsoft Baseline Security Analyzer (MBSA) tool does not support detection on systems running
Windows 8 or Windows Server 2012
2. Windows RT devices can only be serviced with Windows and Microsoft Update and the Microsoft Store
GBS Security Worldwide Programs
Microsoft
Support
Lifecycle
GBS Security Worldwide Programs
Lifecycle Changes
The following product families and service pack levels
are scheduled to have their support lifecycle expire on
August 13th 2013
Product Family• None
Service Pack Level• None
Remember that support for the entire Windows XP product
family will expire on 4/8/2014
http://support.microsoft.com/lifecycle
August 2013
Security
Bulletins
Bulletin Description Severity Priority
MS13-059 Cumulative Security Update for Internet Explorer Critical 1
MS13-060Vulnerability in Unicode Scripts Processor Could Allow Remote Code
ExecutionCritical 1
MS13-061Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code
ExecutionCritical 2
MS13-062Vulnerability in Remote Procedure Call Could Allow Elevation of
PrivilegeImportant 2
MS13-063 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege Important 2
MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service Important 3
MS13-065 Vulnerability in ICMPv6 could allow Denial of Service Important 3
MS13-066Vulnerability in Active Directory Federation Services Could Allow
Information DisclosureImportant 2
GBS Security Worldwide Programs
Links
Públicos
de los
Boletines
de
Seguridad
Español
LATAM
GBS Security Worldwide Programs
Links de los Boletines en Español
• Microsoft Security Bulletin Summary for August 2013-
Resumo
http://technet.microsoft.com/es-
es/security/bulletin/ms13-aug
• Security Bulletin Search/Boletines de Seguradad Busca
http://technet.microsoft.com/es-es/security/bulletin
• Security Advisories/Comunicados de Segurança
http://technet.microsoft.com/es-es/security/advisory
• Microsoft Technical Security Notifications - Notificações
http://technet.microsoft.com/es-
es/security/dd252948.aspx
Blogs
Seguridad de LATAM
• http://blogs.technet.com/b/segurid
ad/
• MSRC Blog
http://blogs.technet.com/msrc
• SRD Team Blog
http://blogs.technet.com/srd
• MMPC Team Blog
http://blogs.technet.com/mmpc
• MSRC Ecosystem Team Blog
http://blogs.technet.com/ecostrat
Supplemental Security Reference Articles
• Detailed Bulletin Information Spreadsheet
http://go.microsoft.com/fwlink/?LinkID=245778
• Security Tools for IT Pros- Herramientas de Seguridad
http://technet.microsoft.com/es-es/security/cc297183
• KB894199 Description of Software Update Services and Windows Server Update Services changes in
content
http://support.microsoft.com/kb/894199
• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious
software
http://support.microsoft.com/kb/890830
Blog in Spanish
Blog de Segurança: :
http://blogs.technet.com/b/seguridad/
Twitter: LATAMSRC
Webcast Espanõl• Microsoft will host a public webcast to address customer questions on
these bulletins:
Information About Microsoft's Security Bulletins
Thursday, September 12, 2013 9:30-10:00 AM -
Horário Atlántico
28
Public Webcast
September 2013
Spanish Blog &
GBS Security Worldwide Programs
Appendix
GBS Security Worldwide Programs
MSRT ChangesNo new malware families are
being added to the August
tool
• A phased deployment plan is being
used to progressively rollout out
MSRT v5 to the install base while
verifying its quality.
• On July 9th the MSRT will be made
available on the Download Center
and to users who select the tool on
Microsoft Update
• The new version will allow MSRT to
adopt new engine features faster and
with less risk/effort
Additional ToolsMicrosoft Safety Scanner
• Same basic engine as the MSRT, but
with a full set of A/V signatures
Windows Defender Offline
• An offline bootable A/V tool with a
full set of signatures
• Designed to remove rootkits and
other advanced malware that can't
always be detected by antimalware
programs
• Requires you to download an ISO file
and burn a CD, DVD, or USB flash
drive
30
Malicious
Software
Removal Tool
Updates (MSRT)
GBS Security Worldwide Programs
Public
Security
Bulletin
Links
GBS Security Worldwide Programs
Monthly Bulletin Links
• Microsoft Security Bulletin Summary for August 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-aug
• Security Bulletin Search
http://technet.microsoft.com/en-us/security/bulletin
• Security Advisories
http://technet.microsoft.com/en-us/security/advisory
• Microsoft Technical Security Notifications
http://technet.microsoft.com/en-us/security/dd252948.aspx
Blogs
• MSRC Blog
http://blogs.technet.com/msrc
• SRD Team Blog
http://blogs.technet.com/srd
• MMPC Team Blog
http://blogs.technet.com/mmpc
• MSRC Ecosystem Team Blog
http://blogs.technet.com/ecostrat
Supplemental Security Reference Articles
• Detailed Bulletin Information Spreadsheet
http://go.microsoft.com/fwlink/?LinkID=245778
• Security Tools for IT Pros
http://technet.microsoft.com/en-us/security/cc297183
• KB894199 Description of Software Update Services and Windows Server Update Services changes in
content
http://support.microsoft.com/kb/894199
• The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious
software
http://support.microsoft.com/kb/890830
August 2013
Non- Security
Content(Windows & Office)
Description Classification Deployment
Update for Root Certificates for Windows 7 [August 2013] (KB931125) Update Site, SUS, Catalog
Update for Windows 8 (KB2862768) Critical Update Site, AU, SUS, Catalog
Update for Windows 8 (KB2863058) Update Rollup Site, AU, SUS, Catalog
Update for Windows 8 (KB2856373) Update Rollup Site, AU, SUS, Catalog
Update for Windows 8.1 Preview (KB2875111) Update
(Recommended)Site, AU,, Catalog
Windows Malicious Software Removal Tool for Windows 8 - August (KB890830) Update Rollup Site, AU, SUS, Catalog
Update for Microsoft Office 2007 suites (KB2767849) Critical Update Site, AU, SUS, Catalog
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Microsoft Office Outlook 2007 (KB2768023) Critical Update Site, AU, SUS, Catalog
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) Critical Update Site, AU, SUS, Catalog
Update for Microsoft Office SharePoint Server 2007 (KB2760810) 32-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Outlook 2003 Junk E-mail Filter (KB2817666) Critical Update Site, AU, SUS, Catalog
Update for Microsoft Excel 2013 (KB2817425)Update
(Recommended)Site, AU, SUS, Catalog
GBS Security Worldwide Programs
August 2013
Non- Security
Content(Dynamics CRM,
SkyDrive Pro, and
Lync)
Description Classification Deployment
Update for Microsoft Dynamics CRM 2011 for Outlook (KB2855319) Critical Update Site, AU, SUS, Catalog
Update Rollup 12 for Microsoft Dynamics CRM 2011 for Outlook (KB2795627) Update Rollup Site, AU, SUS, Catalog
Update Rollup 13 for Microsoft Dynamics CRM 2011 for Outlook (KB2791312) Update Rollup Site, AU, SUS, Catalog
Update Rollup 14 for Microsoft Dynamics CRM 2011 for Outlook (KB2849744) Update Rollup Site, AU, SUS, Catalog
Update for Microsoft Dynamics CRM 2011 Server (KB2855319) Critical Update Site, AU, SUS, Catalog
Update Rollup 12 for Microsoft Dynamics CRM 2011 Server (KB2795627) Update Rollup Site, AU, SUS, Catalog
Update Rollup 13 for Microsoft Dynamics CRM 2011 Server (KB2791312) Update Rollup Site, AU, SUS, Catalog
Update Rollup 14 for Microsoft Dynamics CRM 2011 Server (KB2849744) Update Rollup Site, AU, SUS, Catalog
Update for Microsoft SkyDrive Pro (KB2817622) 64-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition Critical Update Site, AU, SUS, Catalog
Update for Lync 2010 Attendant (KB2842632) Update Rollup Site, AU, SUS, Catalog
Update Rollup for Lync 2010 (KB2842627) Update Rollup Site, AU, SUS, Catalog
Update Rollup for Lync Server 2013 (KB2819565) Update Rollup Site, AU, SUS, Catalog
Update Rollup for Lync Server 2010 (KB2860700) Update Rollup Site, AU, SUS, Catalog
Update Rollup for Lync Server 2010 Archiving Server (KB2859580) Update Rollup Site, AU, SUS, Catalog
GBS Security Worldwide Programs