CTComp November 2013 Patch Management Service Content Update

Eight bulletins were released this month – three Critical and five Important – which address 19 unique CVEs in Microsoft Windows, Internet Explorer, and Office. For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-090, MS13-088, and MS13-089.

  • MS13-090 addresses a remote code execution issue in an ActiveX control by providing a kill bit for associated ActiveX controls. We are aware of limited attacks that exploit this issue. The code execution occurs at the level of the logged on user, so non-admin users would face less of an impact.
  • MS13-088 resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.
  • MS13-089 addresses one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

 

Summary Table

MS Bulletin Systems Affected Details public / Being exploited MS Severity Rating Products Affected
MS13-095 WorkstationsServers No/No Important XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-093 WorkstationsTerminal ServersServers No/No Important XP
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
MS13-089 Workstations
Terminal Servers
Servers
No/No Critical XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-091 Workstations
Terminal Servers
No/No Important Office 2003
Office 2007
Microsoft Antigen
Office 2010
Office 2013 RT
Office 2013
MS13-088 Workstations
Terminal Servers
No/No Critical Internet Explorer
MS13-092 Workstations
Virtual Servers
No/No Important Server 2008
Windows 8
MS13-094 Workstations
Terminal Servers
Yes/No Important Office 2007
Office 2010
Office 2013 RT
Office 2013
MS13-090 Workstations
Terminal Servers
No/Yes Critical XP
Vista
Windows 7
Windows 8
Windows RT

 


NOVEMBER 15, 2013

Update Report on Patches MS13-088 to MS13-095

  • MS13-088: Deployed via Kaseya and tested successfully for IE 7, 8, 9, 10, 11 on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.
  • MS13-089: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.
  • MS13-090: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.
  • MS13-091: Deployed via Kaseya and tested successfully on Office 2003, 2007, 2010, 2013. You may begin internal testing of this patch.
  • MS13-092: ** NOT TESTED ** No patch lab or CTComp production machines are currently running Hyper-V. You may begin internal testing of this patch.
  • MS13-093: Deployed via Kaseya and tested successfully on Windows 2008, 7, 2008R2, 8. You may begin internal testing of this patch.
  • MS13-094: Deployed via Kaseya and tested successfully on Outlook 2007, 2010, 2013. You may begin internal testing of this patch.
  • MS13-095: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8, 8.1. You may begin internal testing of this patch.