July 2013 Patch Recommendations

7 Security Bulletins were released – 6 Critical, 1 Important, and 0 Moderate

This Month In Brief

We have not uncovered any widespread problems with any of these patches and are releasing all of them.

This is an important Patch Tuesday. Although the number of bulletins is not remarkable, 6 of the 7 are rated Critical and no machine will go “untouched”. MS13-053 affects all operating systems. MS13-052 affects Internet Explorer 6 – 10. These two are the top priority. Expect all of your machines to need a reboot after patches are applied.

MS13-053 is the fix for the Tavis Ormandy zero-day flaw that made the news last month: “He made the zero-day flaw public, citing Microsoft as being ‘often very difficult to work with,’ and ‘treat[ing] vulnerability researchers with great hostility.’” For more on the unfolding drama, see “Microsoft reports hackings linked to report by Google researcher” (http://www.reuters.com/article/2013/07/09/us-microsoft-google-cybersecurity-idUSBRE9681AP20130709).

 

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561) (.NET Framework and Silverlight) The most severe of these vulnerabilities could allow remote code execution if a trusted
Details
KB in Kaseya: KB2832407, KB2832411, KB2832412, KB2832414, KB2832418, KB2833940, KB2833941, KB2833946, KB2833947, KB2833949, KB2833951, KB2833957, KB2833958, KB2833959, KB2835393, KB2835622, KB2840628, KB2840629, KB2840631, KB2840632, KB2840633, KB2840642, KB2844285, KB2844286, KB2844287, KB2844289
Affected Software: XP, Vista, Windows 7/8/RT, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2861561
MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851) (Windows Kernel-Mode Drivers) The most severe vulnerability could allow remote code execution if a user views shared content
Details
KB in Kaseya: KB2850851
Affected Software: XP, Vista, Windows 7/8/RT, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2850851
MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295) (GDI+) The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.
Details
KB in Kaseya: KB2687276, KB2687309, KB2817465, KB2817480, KB2834886, KB2835361, KB2835364, KB2843160, KB2843162, KB2843163, KB2856545
Affected Software: XP, Vista, Windows 7/8/RT, Server 2003, Server 2008/2008R2/2012, Microsoft Office 2003/2007/2010, Visual Studio .NET 2003, Microsoft Lync 2010/2013
Known Issues per MS: https://support.microsoft.com/kb/2848295
MS13-055 Cumulative Security Update for Internet Explorer (2846071) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted
Details
KB in Kaseya: KB2846071
Affected Software: XP, Vista, Windows 7/8/RT, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2846071
MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187) (Microsoft DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted image file.
Details
KB in Kaseya: KB2845187
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012
Known Issues per MS:
MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883) (Windows Media Format) The vulnerability could allow remote code execution if a user opens a specially crafted media file.
Details
KB in Kaseya: KB2803821, KB2834902, KB2834903, KB2834904, KB2834905, KB2845142
Affected Software: XP, Vista, Windows 7/8/RT, Server 2003, Server 2008/2008R2/2012
Known Issues per MS: https://support.microsoft.com/kb/2847883

IMPORTANT

MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927) (Windows Defender) The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender.
Details
KB in Kaseya: KB2847927
Affected Software: Windows 7, Server 2008 R2
Known Issues per MS:
