August 2013 Security Bulletin Webcast Q&A
Hosts: Jonathan Ness, Security Development Manager
Dustin Childs, Group Manager, Response Communications
Chat Topic: August 2013 Security Bulletin Release
Date: Wednesday, August 14, 2013
Q: Relative to identifying missing security updates, do MBSA and WSUS produce identical results?
A: Yes, they have the ability to produce the same results/reports around security patching.
Q: In the July 2013 MSRT, many of my XP, 2003 and Windows 7 systems were offered and run twice. Was this detection error known and fixed for the August 2013 MSRT?
A: Please follow the deployment instructions and FAQs related to MSRT: http://support.microsoft.com/kb/891716.
Q: According to this Microsoft support page, Exchange 2003 SP2 has an end of life the same date as Windows XP (04/08/2014). Can you please confirm the end of life date for Exchange 2003 SP2?
A: Microsoft Exchange 2003 SP2 goes into Custom Support on 4/8/2014.
Q: Regarding MS13-061, if the Exchange server does get exploited, what is the worst that could happen? Will there be service interruption?
A: An attacker who successfully exploited these vulnerabilities could run arbitrary code as LocalService on the affected Exchange server. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do.
Q: For MS13-063, are 64BIT for all supported operating systems not affected?
A: The kernel fix for VDM addresses issues associated with execution of 16-bit applications. This functionality is only available on 32-bit Windows systems; therefore, 64-bit systems are unaffected by these issues. The Security Feature Bypass issue also addressed by MS13-063 does affect all OS versions, including 64-bit.
Q: The page for Security update 2862772 packages for Windows XP and for Windows Server 2003 includes Internet Explorer hotfix files and general distribution release (GDR) files, but there are no details of these hotfixes. Does this update have hotfixes? If so, where are they documented?
A: KB2862772 packages for Windows XP and Windows Server 2003 have no new hotfixes added compared to MS13-055 (last month). But KB2862772 is a cumulative security update which contains the hotfixes and security fixes previously released. If a user has installed a hotfix and has not been updating the machines for a long time, the machine of the user will get KB2862772, which contains the previously released hotfixes.
Q: If I am not using IPv6, am I vulnerable to MS13-065?
A: If IPv6 is enabled on a computer, then the machine will be vulnerable; we recommend keeping IPv6 enabled. As always, we recommend that the update be applied to applicable machines.
Q: What is the difference when you guys say the affected component is Windows server as opposed to Windows kernel?
A: When we service the Windows Kernel we are updating a component of our operating system offerings. Windows kernel is a component of Windows Server operating systems. At times it is necessary for us to service additional components, including drivers and services, on which Windows Server and client operating systems are built.
Q: In regards to MS13-062, we have changed the returning ports from the default range in our environment for end point mapper communications. Is this vulnerability still exploitable?
A: An attacker would need to know the new RPC ports, but this is discoverable remotely via a port scan. There is potentially still a risk from MS13-062, so we continue to encourage you to apply the update.
Q: Will Security Advisory 2854544 affect the SCCM agents reporting back to the server?
A: No Microsoft products are affected by the update.
Q: I read that MS13-061 has been temporarily suspended due to an issue. Are you aware of a timeline as to when this will be available again?
A: We are aware that Microsoft Exchange Server 2013 customers are experiencing difficulties with search functionality after applying a recent Microsoft security update. Microsoft is working to quickly resolve the issue. For more information and the current workarounds, please visit the Microsoft Exchange blog.
Q: If you have already applied MS13-052 and MS13-057, will a detection tool report that they need to be updated with the re-issue?
A: MS13-052 and MS13-057 v2 updates will need to be reinstalled even if you have the original v1 release installed. The WU detection will offer applicable v2 updates for installation.
Q: We noticed that there are no security updates for IE Flash Player for Windows 8 and Windows Server 2010 this month. Are you going to release this?
A: There are no updates for Adobe Flash Player in Internet Explorer this month.
Q: Which component that is not present on 64-bit Windows is affected by the vulnerability described on MS13-063? Also, what is the name of the resource that is not available on 64-bit Windows?
A: The ASLR-related components that were fixed (CVE-2013-2556) apply to 64-bit systems. The NTVDM-related components (CVE-2013-3196, CVE-2013-3197, and CVE-2013-3198) apply to 32-bit systems and are not applicable to 64-bit systems.