
This month is the 10th anniversary of security bulletins, or as they are more commonly known, “Patch Tuesdays”! This month we have 8 bulletins you need to consider for your environment. Check out the table below for all the details.

| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
| --- | --- | --- | --- | --- |
| MS13-080 | Cumulative Security Update for Internet Explorer (2879017): This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical, Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| MS13-081 | Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008): This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. | Critical, Remote Code Execution | Requires restart | Microsoft Windows |
| MS13-082 | Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890): This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft .NET Framework. The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications. | Critical, Remote Code Execution | May require restart | Microsoft Windows, Microsoft .NET Framework |
| MS13-083 | Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058): This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code. | Critical, Remote Code Execution | Requires restart | Microsoft Windows |
| MS13-084 | Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089): This security update resolves two privately reported vulnerabilities in Microsoft Office server software. The most severe vulnerability could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps. | Important, Remote Code Execution | May require restart | Microsoft Office, Microsoft Server Software |
| MS13-085 | Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080): This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Important, Remote Code Execution | May require restart | Microsoft Office |
| MS13-086 | Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084): This security update resolves two privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Important, Remote Code Execution | May require restart | Microsoft Office |
| MS13-087 | Vulnerability in Silverlight Could Allow Information Disclosure (2890788): This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. Such websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit a website. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website. It could also be possible to display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. | Important, Information Disclosure | Does not require restart | Microsoft Silverlight |

Jeffa
