Tuesday, July 09, 2013

Microsoft Security Updates for July 2013

Microsoft released seven (7) bulletins.  Six of the bulletins are identified as Critical with one bulletin rated Important.

The bulletins address 34 vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, GDI+ and Windows Defender.

The updates to IE and Windows require a restart.  In addition, with .NET Framework included in the updates, users who have had problems with .NET Framework in the past are reminded to install MS13-052 separately with a shutdown/restart between other updates.

New Security Policy for Store Apps

Microsoft announced a new security policy for apps available through the Windows Store, Windows Phone Store, Office Store, and Azure Marketplace.  Effective immediately, developers are required to submit an updated app within 180 days of being notified of a Critical or Important security vulnerability.

In the event you discover a vulnerability in a store application and have no success working with the developer, contact secure@microsoft.com for assistance.

Bulletin ID
Bulletin Title
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561).
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851).
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
Cumulative Security Update for Internet Explorer (2846071)
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.


The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: