On Tuesday, November 12, 2013, Microsoft is planning to release eight (8) bulletins. Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.
The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows. The Important updates will be directed to issues in Windows and Office and most of the updates will require a restart.
Security Advisory 2896666The issues in Security Advisory 2896666 will not be included in the scheduled updates. Although Microsoft has only detected only aware of targeted attacks against Office 2007 on Windows XP, the following additional guidance was provided regarding the affected installations by Dustin Childs in the below-linked MSRC post:
"For Office:Users of Windows Vista, Windows Server 2008, Lync or the above-described installations of Office are advised to enable the Fix it solution, available from my post here.
- Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
- Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
- Office 2013 is not affected, regardless of OS platform.
For Lync clients:
- Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
- Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.
- All supported versions of Lync client are affected but are not known to be under active attack."
ReminderUsers of Windows XP are reminded that support ends for Windows XP on April 8, 2014. See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.
As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
- MSRC: Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release
- TechNet: Microsoft Security Bulletin Summary for November 2013