Thursday, November 07, 2013

Security Bulletin Advance Notice for November 2013

Security Bulletin
On Tuesday, November 12, 2013, Microsoft is planning to release eight (8) bulletins.  Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows. The Important updates will be directed to issues in Windows and Office and most of the updates will require a restart.

Security Advisory 2896666

The issues in Security Advisory 2896666 will not be included in the scheduled updates.  Although Microsoft has only detected only aware of targeted attacks against Office 2007 on Windows XP, the following additional guidance was provided regarding the affected installations by Dustin Childs in the below-linked MSRC post:

"For Office:
  • Office 2003 and Office 2007 are affected regardless of the installed operating system. Currently, we are only aware of targeted attacks against Office 2007 users.
  • Office 2010 is affected only if installed on Windows XP or Windows Server 2003.  Office 2010 is not affected when installed on Windows Vista or newer systems.
  • Office 2013 is not affected, regardless of OS platform.
For Windows:
  • Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
  • Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.
For Lync clients:
  • All supported versions of Lync client are affected but are not known to be under active attack."
Users of Windows Vista, Windows Server 2008, Lync or the above-described installations of Office are advised to enable the Fix it solution, available from my post here


Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

Giovanni DellaValle said...

Dear Corrine,
I greatly appreciatw your site, so I look at it once a day, at least.
Please, give us informations about the new releases of MS Security Essentials, that is a fundamental tool for the security of our PC's.