Home > Microsoft Security > Microsoft Security Bulletin Summary For May 2013

Microsoft Security Bulletin Summary For May 2013

Updates from Past Months for Windows Server Update Services. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network. See also other software categories under this section, Affected Software and Download Locations, for more update files under the same bulletin identifier. Other Information Microsoft Windows Malicious Software Removal Tool For the bulletin release that occurs on the second Tuesday of each month, Microsoft has released an updated version of the Microsoft Windows Check This Out

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Updates for consumer platforms are available from Microsoft Update. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Important Information DisclosureMay require restartMicrosoft Office MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)   This security update resolves a privately reported vulnerability in Windows Essentials. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Important Remote Code Execution May require restart Microsoft SharePoint MS13-101 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) This security update resolves five privately reported vulnerabilities in Microsoft Windows. This issue was privately disclosed and we have not detected any attacks or customer impact.http://blogs.technet.com/b/msrc/archive/2013/05/13/microsoft-customer-protections-for-may-2013.aspx Discussion is locked Flag Permalink You are posting a reply to: Microsoft Security Bulletin Summary for Important Information DisclosureMay require restartMicrosoft Office MS13-026 Vulnerability in Microsoft Office for Mac Could Allow Information Disclosure (2813682)   This security update resolves one privately reported vulnerability in Microsoft Office for Mac. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.

Revisions V1.0 (May 14, 2013): Bulletin Summary published. IT Pro Security Community Learn to improve security and optimize your IT infrastructure, and participate with other IT Pros on security topics in IT Pro Security Community. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. https://technet.microsoft.com/en-us/library/security/ms13-dec.aspx For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

The Microsoft Update Catalog provides a searchable catalog of content made available through Windows Update and Microsoft Update, including security updates, drivers and service packs. This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates. For more information, see the MSDN article, Installing the .NET Framework. Microsoft is hosting a webcast to address customer questions on these bulletins on June 12, 2013, at 11:00 AM Pacific Time (US & Canada).

Critical Remote Code ExecutionRequires restartMicrosoft Windows, Internet Explorer MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869) This security update resolves a privately reported vulnerability in the Unicode Scripts https://technet.microsoft.com/en-us/library/security/ms13-apr.aspx Administrators can use the Elevated Rights Deployment Tool (available in the SMS 2003 Administration Feature Pack) to install these updates. This bulletin spans more than one software category.   Microsoft Security Software Antimalware Software Bulletin Identifier MS13-034 Aggregate Severity Rating Important Windows Defender for Windows 8 and Windows RTWindows Defender for For more information, see Microsoft Knowledge Base Article 913086.

An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. his comment is here Includes all Windows content. See other tables in this section for additional affected software. Security updates are also available at the Microsoft Download Center.

  • An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
  • The security update addresses the vulnerabilities by modifying the way that Internet Explorer authorizes script access to data and handles objects in memory.
  • Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion
  • The security update addresses the vulnerabilities by correcting how Microsoft Publisher parses specially crafted Publisher files.
  • With System Center Configuration Manager, IT administrators can deliver updates of Microsoft products to a variety of devices including desktops, laptops, servers, and mobile devices.
  • Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity.
  • Windows Server Update Services By using Windows Server Update Services (WSUS), administrators can quickly and reliably deploy the latest critical updates and security updates for Microsoft Windows 2000 operating systems and
  • An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

Non-Security Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and You can find them most easily by doing a keyword search for "security update." For customers of Microsoft Office for Mac, Microsoft AutoUpdate for Mac can help keep your Microsoft software Important Elevation of PrivilegeMay require restartMicrosoft Office, Microsoft Server Software MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) This security update resolves three privately reported vulnerabilities and one publicly disclosed this contact form The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

V4.0 (June 25, 2013): For MS13-029, revised bulletin to rerelease the 2813347 update for Remote Desktop Connection 7.0 Client on Windows XP Service Pack 3. For more information about how to deploy this security update using Windows Server Update Services, visit Windows Server Update Services. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows.

Microsoft is hosting a webcast to address customer questions on these bulletins on December 11, 2013, at 11:00 AM Pacific Time (US & Canada).

Important Denial of ServiceRequires restart Microsoft Windows MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)   This security update resolves a privately reported vulnerability in all This is an informational change only. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. For details on affected software, see the next section, Affected Software.

You’ll be auto redirected in 1 second. By using SMS, administrators can identify Windows-based systems that require security updates and to perform controlled deployment of these updates throughout the enterprise with minimal disruption to end users. Displays all new, revised, and rereleased updates for Microsoft products other than Microsoft Windows. navigate here Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software MS13-047 Cumulative Security Update for Internet Explorer ( 2838727 )   This security update resolves nineteen privately reported

Other versions are past their support life cycle. Critical Remote Code ExecutionRequires restartMicrosoft Windows, Internet Explorer MS13-022 Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) This security update resolves a privately reported vulnerability in Microsoft Silverlight. See the bulletin for more information. Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software MS13-021 Cumulative Security Update for Internet Explorer (2809289)   This security update resolves eight privately reported vulnerabilities and

Use this table to learn about the likelihood of code execution and denial of service exploits within 30 days of security bulletin release, for each of the security updates that you Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! Includes all Windows content. How do I use this table?

This can trigger incompatibilities and increase the time it takes to deploy security updates. Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to Use these tables to learn about the security updates that you may need to install. The attacker would need to be able to satisfy the SharePoint site's authentication requests to exploit this vulnerability.

You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. This issue was publicly disclosed and there are limited known targeted attacks. You can find them most easily by doing a keyword search for "security update". Sorry, there was a problem flagging this post.

This guidance contains recommendations and information that can help IT professionals understand how to use various tools for detection and deployment of security updates.