Microsoft Security Updates For May 2013
This documentation is archived and is not being maintained. Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Non-Security Updates on MU, WU, and WSUS For information about non-security releases on Windows Update and Microsoft Update, please see: Microsoft Knowledge Base Article 894199: Description of Software Update Services and Check This Out
Microsoft is hosting a webcast to address customer questions on these bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada). V2.1 (May 25, 2016): For MS16-065, added a Known Issue to the Executive Summaries table. The Software Update Management in System Center Configuration Manager is built on Microsoft Windows Software Update Services (WSUS), a time-tested update infrastructure that is familiar to IT administrators worldwide. Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity.
Important 3 No direct code execution. MS13-042(Publisher) Victim opens malicious .PUB file Important 1 Likely to see reliable exploits developed for denial-of-service within next 30 days. 11 CVE’s affecting primarily Publisher 2003. After this date, this webcast is available on-demand. Some security updates require administrative rights following a restart of the system.
- Important Denial of ServiceRequires restart Microsoft Windows MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917) This security update resolves a privately reported vulnerability in all
- Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you!
- Bulletin IDVulnerability TitleCVE IDExploitability Assessment for Latest Software ReleaseExploitability Assessment for Older Software ReleaseDenial of Service Exploitability AssessmentKey Notes MS13-047 Internet Explorer Memory Corruption Vulnerability CVE-2013-3110 Not affected 1 - Exploit
- Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems.
- TheMicrosoft Security Bulletin Advance Notification Serviceoffers details about security updates approximately three business days before they are released.
- Updates for consumer platforms are available from Microsoft Update.
An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle. Page generated 2016-05-25 12:52-07:00.
The vulnerability could allow remote code execution if an authenticated attacker makes malformed Remote Procedure Call (RPC) requests to an affected host. V1.2 (May 13, 2016): For MS16-067, Bulletin Summary revised to change the vulnerability severity rating for Windows 8.1 and Windows RT 8.1 to Not applicable, because these operating systems are not Includes all Windows content. https://technet.microsoft.com/en-us/library/security/ms13-jun.aspx Cisco SecurityIntelligence Operations Event Intelligence The following table identifies Cisco Security Intelligence Operations content and Cisco mitigation information that is associated with this Microsoft release: Microsoft Security Bulletin Cisco IntelliShield Alert
For more information see the TechNet Update Management Center. This bulletin spans more than one software category. Microsoft Security Software Antimalware Software Bulletin Identifier MS13-034 Aggregate Severity Rating Important Windows Defender for Windows 8 and Windows RTWindows Defender for For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. See bulletin for details.
The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index. You should review each software program or component listed to see whether any security updates pertain to your installation. Updates for consumer platforms are available from Microsoft Update.
The Application Compatibility Toolkit (ACT) contains the necessary tools and documentation to evaluate and mitigate application compatibility issues before deploying Windows Vista, a Windows Update, a Microsoft Security Update, or a his comment is here An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. For more information, see Microsoft Knowledge Base Article 913086. This is an informational change only.
For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index. For information about SMS, visit the Microsoft Systems Management Server TechCenter. MS13-043(Word 2003) Victim opens malicious .doc file Important 2 Difficult to build reliable exploit code for this vulnerability. this contact form An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Revisions V1.0 (May 10, 2016): Bulletin Summary published. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
You can streamline testing and validating Windows updates against installed applications with the Update Compatibility Evaluator components included with Application Compatibility Toolkit. You can find them most easily by doing a keyword search for "security update". In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation See other tables in this section for additional affected software.
Administrators can use the inventory capabilities of SMS in these cases to target updates to specific systems. MS13-031 Kernel Race Condition Vulnerability CVE-2013-1284 2 - Exploit code would be difficult to buildNot affectedPermanent(None) MS13-031 Kernel Race Condition Vulnerability CVE-2013-1294 2 - Exploit code would be difficult to build Advanced Notification includes information about: The number of new security updates being released The software affected Severity levels of vulnerabilities Information about any detection tools relevant to the updates Sign up navigate here The next release of SMS, System Center Configuration Manager, is now available; see the earlier section, System Center Configuration Manager.
Revisions V1.0 (June 11, 2013): Bulletin Summary published. Bulletin IDVulnerability TitleCVE IDExploitability Assessment for Latest Software ReleaseExploitability Assessment for Older Software ReleaseDenial of Service Exploitability AssessmentKey Notes MS13-028 Internet Explorer Use After Free Vulnerability CVE-2013-1303 2 - Exploit code For more information about MBSA, see Microsoft Baseline Security Analyzer. Microsoft Baseline Security Analyzer The Microsoft Baseline Security Analyzer (MBSA) allows administrators to scan local and remote systems for missing security updates as well as common security misconfigurations.
This documentation is archived and is not being maintained. You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on On Tuesday,May 14 at approximately 10 AM Pacific Time Microsoft will release 10 bulletins.
The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.