CTComp September 2013 Patch Management Service Content Update

Thirteen bulletins have been released this month: four Critical-class and nine Important-class, addressing 47 vulnerabilities in Internet Explorer, Microsoft Windows, Office, and SharePoint. For those who need to prioritize deployment, Microsoft recommends focusing on MS13-067, MS13-068, and MS13-069 first.

  • MS13-068 resolves a vulnerability in Microsoft Outlook which could allow remote code execution if a user views or previews an email carrying a specially crafted S/MIME certificate.
  • MS13-069 resolves 10  issues in Internet Explorer that could allow an attacker to execute arbitrary code in the context of the current user if the user were to visit a specially crafted website.
  • MS13-067 addresses 10 issues, but only CVE-2013-1330 is Critical. With this vulnerability, an attacker could send specially crafted content to an affected server. After a failure to properly validate the input, the attacker could then execute code on the system in the context of the W3WP service account.

Summary Table:

Bulletin System Affected Details public / Being exploited Severity Rating Products Affected
MS13-0732588300 Workstations Terminal Servers No/No Important Office 2003 Office 2007 Excel Viewer Office Compatibility Pack Office 2010 Office 2011 for MAC Office 2013
MS13-0682756473 Workstations Terminal Servers No/No Critical Office 2007 Office 2010
MS13-0782825621 Workstations Servers No/No Important FrontPage 2003
MS13-0672834052 Workstations Terminal Servers Sharepoint Servers Yes/No Critical SharePoint Services 3.0 SharePoint Server 2007 SharePoint Services 2.0 SharePoint Server 2010 SharePoint Server 2013
MS13-072 2845537 Workstations Terminal Servers No/No Important Office 2003 Office 2007 Word Viewer Office Compatibility Pack Office 2010
MS13-0742848637 Workstations Terminal Servers No/No Important Office 2007 Office 2010 Office 2013
MS13-0792853587 Servers Domain Controllers No/No Important Vista Server 2008 Server 2008 R2 Windows 7 Windows 8 Server 2012
MS13-0712864063 Workstations No/No Important XP Vista Server 2003 Windows 8
MS13-0692870699 Workstations Terminal Servers No/No Critical XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 Windows 8 Server 2012 Windows RT
MS13-0772872339 Workstations Terminal Servers No/No Important Server 2008 R2 Windows 7
MS13-0702876217 Workstations Servers No/No Critical XP Server 2003
MS13-076 2876315 Workstations Terminal Servers No/No Important XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7 Windows 8 Server 2012 Windows RT
MS13-0752878687 Workstations Terminal Servers No/No Important Office 2010

MS13-067 to MS13-079 Patch Update Report– Sept. 17, 2013

  • MS13-067: Deployed via Kaseya and tested successfully on SharePoint Server 2010, 2013. You may begin internal testing of this patch.
  • MS13-068: Deployed via Kaseya and tested successfully on Office 2007, 2010. You may begin internal testing of this patch.
  • MS13-069: Deployed via Kaseya and tested successfully on IE 8, 9, 10. You may begin internal testing of this patch.
  • MS13-070: Deployed via Kaseya and tested successfully on Windows XP, 2003. You may begin internal testing of this patch.
  • MS13-071: Deployed via Kaseya and tested successfully on Windows XP, 2003, 2008. You may begin internal testing of this patch.
  • MS13-072: Deployed via Kaseya and tested successfully on Office 2007, 2010. You may begin internal testing of this patch.
  • MS13-073: Deployed via Kaseya and tested successfully on Office 2007, 2010, 2013. You may begin internal testing of this patch.
  • MS13-074: Deployed via Kaseya and tested successfully on Office 2007, 2010, 2013. You may begin internal testing of this patch.
  • MS13-075: ** NOT TESTED ** No patch lab or CCS production machines are currently running the Microsoft Pinyin IME implementation of Office 2010. You may begin internal testing of this patch.
  • MS13-076: Deployed via Kaseya and tested successfully on Windows XP, 7, 8, 2003, 2008, 2008R2. You may begin internal testing of this patch.
  • MS13-077: Deployed via Kaseya and tested successfully on Windows 7, 2008R2. You may begin internal testing of this patch.
  • MS13-078: ** NOT TESTED ** No patch lab or CCS production machines are currently running Microsoft FrontPage 2003. You may begin internal testing of this patch.
  • MS13-079: Deployed via Kaseya and tested successfully on Windows 2008, 2008R2. You may begin internal testing of this patch.