Skip to content

August 2013 Patch Recommendations

8 Security Bulletins were released and 2 were “Unreleased” – 3 Critical, 5 Important, and 0 Moderate

This Month In Brief

We have denied part of MS13-061 update KB2874216 that affects Exchange Server 2013. We have also denied MS13-066. We will release them once Microsoft corrects the problems.

MS13-059, MS13-060 and MS13-061 are rated Critical. After your next patch cycle completes you should follow up and make sure these are installed. MS13-059 fixes 11 remote code execution (RCE) flaws in Internet Explorer. Obviously flaws in Internet Explorer need to be a top priority. MS13-060 only applies to XP and Server 2003. MS13-061 is safe to install on Exchange 2007 and 2010.

MS13-061
Microsoft is aware of problems with update 2874216 that affects Exchange Server 2013. The issue could cause Exchange Server to stop indexing mail on servers. Microsoft has removed the update from Windows Update and the Download Center. Microsoft is researching this problem and will post more information in this article when the information becomes available.
Workaround if already installed:Update 2874216 breaks the content index in Exchange Server 2013 (https://support.microsoft.com/kb/2879739)

MS13-066
Microsoft is aware of problems with the security updates described in MS13-066 that affect Active Directory Federation Services (ADFS) 2.0. The problems could cause ADFS to stop working. Microsoft has removed the updates for ADFS 2.0 from Windows Update and the Download Center. Microsoft is researching this problem and will post more information in this article when the information becomes available.

No out-of-band updates were released during the last month.

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-059 Cumulative Security Update for Internet Explorer (2862772) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2862772
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/2862772
MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869) (Unicode Scripts Processor) The vulnerability could allow remote code execution if a user viewed a specially crafted document or webpage with an application that supports embedded OpenType fonts.
Details
KB in Kaseya: KB2850869
Affected Software: XP,Server 2003
Known Issues per MS:
MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063) (Microsoft Exchange Server) The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server.
Details
KB in Kaseya: KB2866475, KB2873746, KB2874216
Affected Software: Exchange 2007, 2010, 2013
Known Issues per MS: https://support.microsoft.com/kb/2876063

IMPORTANT

MS13-062 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470) (Remote Procedure Call) The vulnerability could allow elevation of privilege if an attacker sends a specially crafted RPC request.
Details
KB in Kaseya: KB2849470
Affected Software: XP, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/2849470
MS13-063 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537) (Windows Kernel) The most severe vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application.
Details
KB in Kaseya: KB2859537
Affected Software: XP, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: https://support.microsoft.com/kb/2859537
MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568) (Windows NAT Driver) The vulnerability could allow denial of service if an attacker sends a specially crafted ICMP packet to a target server that is running the Windows NAT Driver service.
Details
KB in Kaseya: KB2849568
Affected Software: Server 2012
Known Issues per MS:
MS13-065 Vulnerability in ICMPv6 could allow Denial of Service (2868623) (ICMPv6) The vulnerability could allow a denial of service if the attacker sends a specially crafted ICMP packet to the target system.
Details
KB in Kaseya: KB2868623
Affected Software: Windows 7, Server 2008, Server 2008 R2, Server 2012, Windows RT
Known Issues per MS: https://support.microsoft.com/kb/2868623
MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872) (Active Directory Federation Services) The vulnerability could reveal information pertaining to the service account used by AD FS.
Details
KB in Kaseya: KB2843638, KB2843639, KB2868846
Affected Software: Server 2003, Server 2008, Server 2008 R2, Server 2012
Known Issues per MS: https://support.microsoft.com/kb/2873872
Scroll To Top