Patch Management Service Content Update from CTCOMP – December 2013

Eleven bulletins were released this month – five Critical and six Important – which address 24 unique CVEs in Microsoft Windows, Internet Explorer, Office, and Exchange. For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-096, MS13-097, and MS13-099.

MS13-096 resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.

MS13-097 resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.

MS13-099 resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

(source: Microsoft Security Response Center)

Summary Table

| MS Bulletin | Systems Affected | Details public / Being exploited | MS Severity Rating | Products Affected |
| --- | --- | --- | --- | --- |
| MS13-101 | Workstations, Terminal Servers | No/No | Important | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 |
| MS13-098 | Workstations, Terminal Servers, Servers | No/Yes | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 |
| MS13-102 | Workstations | No/No | Important | XP, Server 2003 |
| MS13-097 | Workstations, Terminal Servers | No/No | Critical | XP, Vista, Server 2003, Server 2008, Internet Explorer, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 |
| MS13-100 | SharePoint Servers | No/No | Important | SharePoint Server 2010, SharePoint Server 2013, Office 2013 Web Apps |
| MS13-106 | Workstations, Terminal Servers | No/Yes | Important | Office 2007, Office 2013 RT, Office 2013 |
| MS13-103 | Web Servers | No/No | Important | ASP.NET SignalR, Visual Studio TFS 2013 |
| MS13-096 | Workstations, Terminal Servers, Servers | No/Yes | Critical | Vista, Office 2003, Office 2007, Word Viewer, Excel Viewer, Office Compatibility Pack, Server 2008, Office 2010, Lync 2010, Lync 2013, PowerPoint Viewer 2010 |
| MS13-099 | Workstations, Terminal Servers, Servers | No/No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7, Windows 8, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows RT 8.1 |
| MS13-104 | Workstations, Terminal Servers | No/Yes | Important | Office 2013 RT, Office 2013 |
| MS13-105 | Exchange Servers | No/No | Critical | Exchange 2007, Exchange 2010, Exchange 2013 |

DECEMBER 18, 2013

Update Report on Patches MS13-096 to MS13-106

MS13-096: Deployed via Kaseya and tested successfully on Office 2003, 2007, 2010; Lync 2013; Windows Vista, 2008. You may begin internal testing of this patch.

MS13-097: Deployed via Kaseya and tested successfully on IE 7, 8, 9, 10, 11; Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS13-098: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS13-099: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS13-100: ** NOT TESTED ** No patch lab or CCS production machines are currently running the specific SharePoint components that are affected. You may begin internal testing of this patch.

MS13-101: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.

MS13-102: Deployed via Kaseya and tested successfully on Windows XP, 2003. You may begin internal testing of this patch.

MS13-103: ** NOT TESTED ** No patch lab or CCS production machines are currently running ASP.NET SignalR. You may begin internal testing of this patch.

MS13-104: Deployed via Kaseya and tested successfully on Office 2013. You may begin internal testing of this patch.

MS13-105: Deployed via Kaseya and tested successfully on Exchange 2007, 2010. You may begin internal testing of this patch.

MS13-106: Deployed via Kaseya and tested successfully on Office 2007, 2010. You may begin internal testing of this patch.