Patch Tuesday Wednesday (Dec-2013)

This month Microsoft have released eleven (11) security bulletins of which five (5) have a maximum rating of Critical, and six (6) have a maximum rating of Important.

This month, we have 11 security bulletins, 5 Critical and 6 Important in severity, addressing 24 unique CVEs in Microsoft Windows, Internet Explorer, Office and Exchange. For those who need to prioritize deployment planning we recommend focusing on MS13-096, MS13-097, and MS13-099. [1]

Bulletin KB number Description Impact / Severity Software
MS13-096 2908005 Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution Critical :
Remote Code Execution
Microsoft Windows, Microsoft Office, Microsoft Lync
MS13-097 2898785 Cumulative Security Update for Internet Explorer Critical :
Remote Code Execution
Microsoft Windows, Internet Explorer
MS13-098 2893294 Vulnerability in Windows Could Allow Remote Code Execution Critical :
Remote Code Execution
Microsoft Windows
MS13-099 2909158 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution Critical :
Remote Code Execution
Microsoft Windows
MS13-100 2904244 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution Important :
Remote Code Execution
Microsoft SharePoint
MS13-101 2880430 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege Important :
Elevation of Privilege
Microsoft Windows
MS13-102 2898715 Vulnerability in LRPC Client Could Allow Elevation of Privilege Important :
Elevation of Privilege
Microsoft Windows
MS13-103 2905244 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege Important :
Elevation of Privilege
Microsoft Developer Tools
MS13-104 2909976 Vulnerability in Microsoft Office Could Allow Information Disclosure Important :
Information Disclosure
Microsoft Office
MS13-105 2915705 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution Critical :
Remote Code Execution
Microsoft Exchange
MS13-106 2905238 Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass Important :
Security Feature Bypass
Microsoft Office

PATCH NOW:
* MS13-096 – Known Exploits
* MS13-098 – Known Exploits (targeted attacks).

UPDATE 2013-Dec-13
Microsoft has REVISED Security Advisory 2916652 “Improperly Issued Digital Certificates Could Allow Spoofing” to announce the release of the Windows XP and Windows 2003 update that was not previously available.

Advertisements
This entry was posted in microsoft, patch, Patch_Tuesday, security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s