Tuesday, November 12, 2013

Microsoft Security Updates for November 2013

Microsoft released eight (8) bulletins.  Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The updates address vulnerabilities in Internet Explorer and Microsoft Windows.  Please refer to the MSRC Blog post, Authenticity and the November 2013 Security Updates, for additional information about the updates, including the update to EMET and a new policy for CA's (Certificate Authorities).

The update in MS13-090 addresses CVE-2013-3918 which affects an Internet Explorer ActiveX Control which was publicly disclosed.

  • MS13-088 -- Cumulative Security Update for Internet Explorer (2888505) 
  • MS13-089 -- Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)  
  • MS13-090 -- Cumulative Security Update of ActiveX Kill Bits (2900986) 
  • MS13-091 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
  • MS13-092 -- Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986) 
  • MS13-094 -- Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514) 
  • MS13-095 -- Vulnerability in Digital Signatures Could Allow Denial of Service (2868626) 


Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Two families targeted by the Malicious Software Removal Tool (MSRT) this month are Win32/Napolar and the bitcoin mining family Win32/Deminnix.


Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: