Tuesday, December 10, 2013

Microsoft Security Updates for December 2013

Microsoft released eleven (11) bulletins.  Five of the bulletins are identified as Critical with the remaining six bulletins rated Important.

The security updates address twenty-four (24) unique CVEs in Microsoft Windows, Internet Explorer, Office and Exchange.

  • MS13-096 -- Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005) 
  • MS13-097 -- Cumulative Security Update for Internet Explorer (2898785) 
  • MS13-098 -- Vulnerability in Windows Could Allow Remote Code Execution (2893294)
  • MS13-099 -- Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
  • MS13-105 -- Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
  • MS13-100 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
  • MS13-101 -- Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430) 
  • MS13-102 -- Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715) 
  • MS13-103 -- Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
  • MS13-104 -- Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
  • MS13-106 -- Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass

December Security Advisories


Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.


Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

The following additional information is provided in the Security Bulletin:


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: