7 Security Bulletins were released – 6 Critical, 1 Important, and 0 Moderate
This Month In Brief
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
This is an important patch Tuesday. Although the number of bulletins is not remarkable, 6 of the 7 are rated Critical and no machine will go “untouched”. MS13-053 affect all operating systems. MS13-052 affects Internet Explorer 6 – 10. These two are the top priority. Expect all of you machines to need a reboot after patches are applied.
MS13-053 is the fix for the Tavis Ormandy zero-day flaw that made the news last month after “He made the zero-day flaw public, citing Microsoft as being ‘often very difficult to work with,’ and ‘treat[ing] vulnerability researchers with great hostility.’ ” For more on the unfolding drama see – “Microsoft reports hackings linked to report by Google researcher” (http://www.reuters.com/article/2013/07/09/us-microsoft-google-cybersecurity-idUSBRE9681AP20130709)
- Publically disclosed: MS13-052, MS13-053
- Being exploited: None
- Rated CRITICAL: MS13-052, MS13-053, MS13-054, MS13-055, MS13-056, MS13-057
- (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)
- Servers: Yes
- Workstations: Yes
New Security Bulletins
|MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)||(NET Framework and Silverlight) The most severe of these vulnerabilities could allow remote code execution if a trusted
|MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)||(Windows Kernel-Mode Drivers) The most severe vulnerability could allow remote code execution if a user views shared content
|MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)||(GDI+) The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.
|MS13-055 Cumulative Security Update for Internet Explorer (2846071)||(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted
|MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)||(Microsoft DirectShow) The vulnerability could allow remote code execution if a user opens a specially crafted image file.
|MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)||(Windows Media Format) The vulnerability could allow remote code execution if a user opens a specially crafted media file.
|MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)||(Windows Defender) The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender.