September 2013 Patch Recommendations

13 Security Bulletins were released – 4 Critical, 9 Important, and 0 Moderate

This Month In Brief

KB2817630 (a non-security update for Microsoft Office 2013) has been denied in all patch policies. Details are below.

All security updates have been approved.

13 Security Bulletins makes this the largest Patch Tuesday of 2013 so far. On top of that, there are known reporting issues with MS13-072 and MS13-073.

Top priority for servers is SharePoint MS13-067. While this vulnerability is public, Microsoft reports it is difficult to exploit. MS13-068 and MS13-069 are fixes for Internet Explorer and Outlook. These apply to all versions of Internet Explorer and Outlook 2007/2010 and will consequently affect a large number of machines.

Installation Issues

MS13-072 and MS13-073 were approved by VA because the installation problems do not affect the performance of the endpoints. KB2760411, KB2760588, and KB2760583 are parts of MS13-072 and MS13-073. In some cases they appear to be causing an installation loop. This is a reporting issue: the patches are installed, but they may be reported as missing. Hopefully Microsoft will resolve this shortly, but in the meantime do not be too concerned if these patches appear missing. You can check Add/Remove on the Kaseya Audit tab to verify they are installed.
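
The same check can be run locally on an endpoint. The script below is an added example, not part of the original advisory or of Kaseya's tooling. It reads the registry keys that Add/Remove Programs uses and counts successful installs in Windows Update history for the three KBs named above. It assumes PowerShell 3.0 or later and that the Office updates register an entry whose DisplayName contains the KB number.

```powershell
# Added example. KB numbers are the three named in the advisory text above.
$kbs = 'KB2760411', 'KB2760588', 'KB2760583'

# Add/Remove Programs reads these Uninstall keys. WOW6432Node covers
# 32-bit Office on 64-bit Windows; it is simply absent on 32-bit systems.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entries = Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

# Windows Update history: a ResultCode of 2 means the install succeeded.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { @($searcher.QueryHistory(0, $total)) } else { @() }

foreach ($kb in $kbs) {
    $installed = @($entries | Where-Object { $_.DisplayName -like "*$kb*" })
    $succeeded = @($history | Where-Object {
        $_.Title -like "*$kb*" -and $_.ResultCode -eq 2
    })

    # Installed plus more than one successful install in history matches
    # the "offered repeatedly although already installed" symptom.
    $verdict = if ($installed.Count -gt 0 -and $succeeded.Count -gt 1) {
        'Installed; offered repeatedly (reporting issue)'
    } elseif ($installed.Count -gt 0) {
        'Installed'
    } else {
        'Not found in Add/Remove data'
    }

    [pscustomobject]@{
        KB                   = $kb
        InstalledPerRegistry = $installed.Count -gt 0
        SuccessfulInstalls   = $succeeded.Count
        LastInstall          = ($succeeded | Sort-Object Date |
                                Select-Object -Last 1).Date
        Verdict              = $verdict
    }
}
```

A machine that does not have Office 2007 components installed will report "Not found" for all three, which is expected rather than a failure.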

Microsoft was slow to acknowledge this but finally posted:
“You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available.”

MS13-073: Description of the security update for Microsoft Excel 2007 (xlconv-x-none.msp): September 10, 2013
(http://support.microsoft.com/kb/2760588/en-us)

MS13-072: Description of the security update for 2007 Office system (MSO): September 10, 2013
(http://support.microsoft.com/kb/2760411/en-us)

MS13-073: Description of the security update for Microsoft Office Excel 2007: September 10, 2013
(http://support.microsoft.com/kb/2760583/en-us)

This is a good thread for all the latest action – http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f

KB2817630 Denied

Update for Microsoft Office 2013 (KB2817630): this update was removed by Microsoft within 3 hours of its release last Tuesday. See “Outlook 2013 Folder Pane Disappears After Installing September 2013 Public Update” (http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx).
If you have machines that are not configured to use Kaseya Patch Management and KB2817630 was installed, the above link offers guidance.

Exploitability

Requires Restart

  • Servers: Yes
  • Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) (SharePoint Server) The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server.
Details
KB in Kaseya: KB2553408, KB2760420, KB2760594, KB2760595, KB2760589, KB2760755, KB2810061, KB2810067, KB2817305, KB2817315, KB2817372, KB2817393
Affected Software: SharePoint Services 2.0/3.0, SharePoint Server 2007/2010/2013
Known Issues per MS: https://support.microsoft.com/kb/2834052
MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473) (Outlook) The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook.
Details
KB in Kaseya: KB2825999, KB2794707
Affected Software: Office 2007/2010
Known Issues per MS:
MS13-069 Cumulative Security Update for Internet Explorer (2870699) (Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
Details
KB in Kaseya: KB2870699
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT
Known Issues per MS:
MS13-070 Vulnerability in OLE Could Allow Remote Code Execution (2876217) (OLE) The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
Details
KB in Kaseya: KB2876217
Affected Software: XP, Server 2003
Known Issues per MS:

IMPORTANT

MS13-071 Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063) (Windows Theme File) The vulnerability could allow remote code execution if a user applies a specially crafted Windows theme on their system.
Details
KB in Kaseya: KB2864063
Affected Software: XP, Vista, Windows 8, Server 2003
Known Issues per MS:
MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) (Office) The most severe vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office software.
Details
KB in Kaseya: KB2760411, KB2760769, KB2760823, KB2767773, KB2767913, KB2817474, KB2817682, KB2817683
Affected Software: Office 2003/2007/2010, Word Viewer, Office Compatibility Pack
Known Issues per MS: https://support.microsoft.com/kb/2845537 and http://support.microsoft.com/kb/2760411/en-us
MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300) (Excel) The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software.
Details
KB in Kaseya: KB2760583, KB2760588, KB2760590, KB2760597, KB2768017, KB2810048, KB2877813
Affected Software: Office 2003/2007/2010/2013, Excel Viewer, Office Compatibility Pack, Office 2011 for Mac
Known Issues per MS: https://support.microsoft.com/kb/2858300 and http://support.microsoft.com/kb/2760583/en-us and http://support.microsoft.com/kb/2760588/en-us
MS13-074 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637) (Access) The vulnerabilities could allow remote code execution if a user opens a specially crafted Access file with an affected version of Microsoft Access.
Details
KB in Kaseya: KB2596825, KB2687423, KB2810009
Affected Software: Office 2007/2010/2013
Known Issues per MS:
MS13-075 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687) (Office IME (Chinese)) The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese.
Details
KB in Kaseya: KB2687413
Affected Software: Office 2010
Known Issues per MS:
MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315) (Kernel-Mode Drivers) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.
Details
KB in Kaseya: KB2876315
Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT
Known Issues per MS:
MS13-077 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339) (Service Control Manager) The vulnerability could allow elevation of privilege if an attacker convinces an authenticated user to execute a specially crafted application.
Details
KB in Kaseya: KB2872339
Affected Software: Server 2008 R2, Windows 7
Known Issues per MS: https://support.microsoft.com/kb/2872339
MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure (2825621) (FrontPage) The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document.
Details
KB in Kaseya: KB2825621
Affected Software: FrontPage 2003
Known Issues per MS:
MS13-079 Vulnerability in Active Directory Could Allow Denial of Service (2853587) (Active Directory) The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service.
Details
KB in Kaseya: KB2853587
Affected Software: Vista, Windows 7/8, Server 2008/2008R2/2012
Known Issues per MS: