Microsoft released eleven (11) bulletins. Five of the bulletins are identified as Critical with the remaining six bulletins rated Important.
The security updates address twenty-four (24) unique CVEs in Microsoft Windows, Internet Explorer, Office and Exchange.
- MS13-096 -- Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
- MS13-097 -- Cumulative Security Update for Internet Explorer (2898785)
- MS13-098 -- Vulnerability in Windows Could Allow Remote Code Execution (2893294)
- MS13-099 -- Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
- MS13-105 -- Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
- MS13-100 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
- MS13-101 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
- MS13-102 -- Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
- MS13-103 -- Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
- MS13-104 -- Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
- MS13-106 -- Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass
December Security Advisories
- Security Advisory 2905247 – Insecure ASP.NET Site Configuration Could Allow Elevation of Privilege
- Security Advisory 2871690 – Update to Revoke Non-compliant UEFI Modules
- Security Advisory 2915720 – Changes in Windows Authenticode Signature Verification
MSRTMicrosoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
SupportUsers of Windows XP are reminded that support ends for Windows XP on April 8, 2014. See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.
The following additional information is provided in the Security Bulletin:
- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Security solutions for IT professionals: TechNet Security Troubleshooting and Support
- Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
- Local support according to your country: International Support
- MSRC: Omphaloskepsis and the December 2013 Security Update Release
- TechNet: Microsoft Security Bulletin for December 2013