Patch Management Service Content Update from CTCOMP – October 2013

Eight bulletins were released this month – four Critical and four Important – which address 25 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, Microsoft recommends focusing on MS13-080, MS13-081, and MS13-083.

 

MS13-080 resolves 9 issues in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer, as described in Microsoft Security Advisory 2887505. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer.

 

MS13-081 resolves 7 issues in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views a malicious webpage with specially crafted OpenType fonts. This release also addresses vulnerabilities that could allow elevation of privilege if an attacker gains access to a system; in some cases physical access to a USB port is required.

 

MS13-083 resolves one issue in Microsoft Windows. The vulnerability could allow remote code execution if an affected system is accessible via an ASP.NET web application and can receive a specifically crafted request. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

(source: Microsoft Security Response Center)

 

Summary Table

 

MS   Bulletin Systems Affected Details public / Being exploited MS Severity Rating Products Affected
MS13-083 Web Servers No/No Critical Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-081 Workstations
Terminal Servers
No/No Critical XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-082 Workstations
Servers
Yes/No Critical XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-080 Workstations
Terminal Servers
Yes/Yes Critical XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Windows 8
Server 2012
Windows RT
MS13-085 Workstations
Terminal Servers
No/No Important Office 2007
Excel Viewer
Office Compatibility Pack
Office 2010
Office 2011 for MAC
Office 2013 RT
Office 2013
MS13-086 Workstations
Terminal Servers
No/No Important Office 2003
Office 2007
Office Compatibility Pack
MS13-084 Workstations
Terminal Servers
No/No Important SharePoint Server 2007
Web Apps
SharePoint Server 2010
SharePoint Server 2013
MS13-087 Workstations
Terminal Servers
No/No Important Silverlight 5

 

 

OCTOBER 16, 2013

Update Report on Patches MS13-080 to MS13-087

 

MS13-080: Deployed via Kaseya and tested successfully for IE 7, 8, 9, 10 on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8. You may begin internal testing of this patch.

MS13-081: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8. You may begin internal testing of this patch.

MS13-082: Deployed via Kaseya and tested successfully on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8. You may begin internal testing of this patch.

MS13-083: Deployed via Kaseya and tested successfully on Windows 2003, Vista, 2008, 7, 2008R2, 8. You may begin internal testing of this patch.

MS13-084: ** NOT TESTED ** No patch lab or CCS production machines are currently running the specific SharePoint components affected by this vulnerability. You may begin internal testing of this patch.

MS13-085: Deployed via Kaseya and tested successfully on Office 2010, 2013.

MS13-086: Deployed via Kaseya and tested successfully on Office 2003, 2007.

MS13-087: Deployed via Kaseya and tested successfully for Silverlight on Windows XP, 2003, Vista, 2008, 7, 2008R2, 8. You may begin internal testing of this patch.