September 2013 Security Bulletin Webcast Q&A

 

Hosts: Jonathan Ness, Security Development Manager

Dustin Childs, Group Manager, Response Communications

Website: TechNet/Security

Chat Topic: September 2013 Security Bulletin Release

Date: Wednesday, September 11, 2013

 

Q: Are EMET mitigations effective workarounds for any of the September Security Bulletins?

A: Although we have not seen any active attacks against any of the issues released in September, EMET is typically effective against exploitation of memory corruption vulnerabilities. Specifically, the issues addressed by the IE bulletin are the type of issues EMET is designed to prevent an attacker from reaching. EMET itself is not a mitigation to a specific vulnerability. Instead, it is a defensive tool we recommend as part of an overall defensive strategy to help prevent the active exploitation of both known and unknown vulnerabilities.

 

Q: Will there be an update to MS13-063 from the August Security Bulletin Release that is causing blue screens?

A: Some users may experience issues with certain programs after they install security update 2859537. In some cases the programs may not successfully start. We are also aware of limited reports that certain users may encounter difficulties restarting their computers after applying this security update.  Microsoft is researching this problem and will post more information in KB Article 2859537 when the information becomes available.

 

Q: There seem to be some issues with the Office updates from MS13-067, MS13-072, MS13-073, and MS13-074. After installation, they keep being offered. Are there any known issues with these or other updates?

A: We are aware of issues in the detection logic that cause these updates to appear as needed after installation. This issue is in the detection logic of the update only. The updates themselves do address the issues described in their associated bulletins. These issues have been resolved through revised updates released on September 13, 2013. These are detection changes only. There were no changes to the update files. Customers who have successfully installed the updates do not need to take any action.

 

Q: Can you address exactly what versions of SharePoint are vulnerable to MS13-067? SUS/SCCM reporting don't seem to line up with what's listed in the 'vulnerable' section of the bulletin.

A: All supported versions of Microsoft SharePoint Server, except Office Services on Microsoft SharePoint Server 2013 and Microsoft Web Apps on Microsoft SharePoint Server 2013, are affected by this issue.

 

Q: With respect to MS13-067 for Microsoft SharePoint Server - MAC Disabled Vulnerability: can you give more detail around how the vulnerability is exploited? Would these be limited to publishing sites with workflow?

A: We cannot provide any further details on the cause of the RCE in CVE-2013-1330 MAC.

 

Q: I did not see running PSConfig or the Config wizard mentioned in the install instructions for MS13-067. Can you please confirm if PSConfig is required or not? Will these updates increment the SharePoint build numbers? 

A: When updated, the binaries on the machine will be updated; however, the running binaries and databases will not be. In order to complete the upgrade, PSConfig must be triggered after installing the updates.

 

Q: Regarding MS13-067, what are the expected build numbers for updated SharePoint Servers with (Get-SPFarm).BuildVersion?

A: The 14 version build numbers are 14.0.7106.5000 and 14.0.7106.5001. The 15 version build numbers are 15.0.4535.1000, 15.0.4535.1002, and 15.0.4535.1003.

 

Q: Are any of the SharePoint related updates (MS13-067) included in recent CUs?

A: The updates addressed by MS13-067 will appear in a future cumulative update for SharePoint services.

 

Q: Has it been determined if the SharePoint related vulnerabilities (MS13-067) will be included in the October 2013 Cumulative Updates?

A: If the CU includes the SharePoint packages then the fixes will be included.

 

Q: After installing the update from MS13-068, we have had some systems getting a warning that the .ost file is being used by another application. We have Outlook 2010 and Lync 2010 installed and have found that if we exit Lync that the .ost file is available and Outlook will then open. Is this a known issue?

A: This is not a known issue.  We will investigate.

 

Q: With respect to MS13-068, are there any concerns if we are using Office 365?

A: Office 365 is not impacted. MS13-068 addresses a vulnerability in the client software; it is not a server-side vulnerability, and only customers using affected versions of Microsoft Outlook installed on a user's computer should apply MS13-068.

 

Q: Does MS13-075 include language packs for Traditional Chinese and Simplified Chinese?

A: Traditional IME is not affected by this issue.


Q: For MS13-075 regarding Microsoft Pinyin IME for Simplified Chinese, is it normal to only be able to download this in SCCM with the language option set to Chinese? SCCM fails to download this update in English/French, which our OS and Office versions installations are. Is this update specific to Chinese versions of Office only or would an English Version of Office with the Chinese language pack installed require this as well?

A: This update only applies to Microsoft Pinyin IME 2010. This input method editor is installed with Chinese versions of Microsoft Office 2010 by default and is also available as an optional component in English and other language versions of Microsoft Office 2010. If a customer only has French/English versions of Office without this optional component, the update will not be offered.

 

Q: Did the MSRC discontinue the Update Tuesday summary and deployment priority videos? I didn’t see it on the website this month.

A: Typically on Update Tuesday the MSRC blog includes a brief overview video highlighting this month’s release, but due to technical difficulties we have not been able to include it yet. A copy of the overview video for this month’s security bulletin release can be viewed here.