Microsoft Security Updates for October 2013

Microsoft released eight (8) bulletins.  Four of the bulletins are identified as Critical with the remaining four bulletins rated Important.

The updates address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight.

The updates to Windows and Internet Explorer require a restart.  For those people who run into problems with .NET Framework updates, it is recommended that the update be installed separately with a restart between other updates.

The Critical update for Internet Explorer addresses the publicly disclosed issue described in Security Advisory 2887505.  From the MS13-080 Update FAQ:

"If I applied the automated Microsoft Fix it solution for Internet Explorer previously described in Microsoft Security Advisory 2887505, do I need to undo the workaround before or after applying this update?

No. Customers who implemented the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," previously described in Microsoft Security Advisory 2887505, do not need to undo the Microsoft Fix it solution before or after applying this update.

Note Although it is not necessary to undo the Microsoft Fix it solution, customers can follow the steps in Microsoft Knowledge Base Article 2879017 to undo the Microsoft Fix it solution."

Critical:

• MS13-080 -- Cumulative Security Update for Internet Explorer (2879017)
• MS13-081 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
• MS13-082 -- Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
• MS13-083 -- Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)

Important:

• MS13-084 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
• MS13-085 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
• MS13-086 -- Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)  
• MS13-087 -- Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Support

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
• Security solutions for IT professionals: TechNet Security Troubleshooting and Support
• Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
• Local support according to your country: International Support

References

• MSRC: The October 2013 Security Updates
• TechNet: Microsoft Security Bulletin Summary for October 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...