September 2013 Patch Recommendations

13 Security Bulletins were released – 4 Critical, 9 Important, and 0 Moderate

This Month In Brief

KB2817630 (a non-security update for Microsoft Office 2013) has been denied in all patch policies. Details are below.

All security updates have been approved.

13 Security Bulletins makes this the largest Patch Tuesday of 2013 so far. On top of that there known reporting issues with MS13-072 and MS13-073.

Top priority for servers is SharePoint MS13-067. While this vulnerability is public, Microsoft reports it is difficult to exploit. MS13-068 and MS13-069 are fixes for Internet Explorer and Outlook. These apply to all versions of Internet Explorer and Outlook 2007/2010 and will consequently affect a large number of machines.

Installations Issues

MS13-072 and MS13-073 were approved by VA because the installation problems do not affect the performance of the end points. KB2760411, KB2760588, and KB2760583 are parts of the MS13-072 and MS13-073. In some case they appear to be causing an installation loop. This is a reporting issue. The patches are installed however they may be reported as missing. Hopefully Microsoft will resolve this shortly but in the meantime do not be too concerned if these patches appear missing. You can check Add/Remove on the Kaseya Audit tab to verify they are installed.

Microsoft was slow to acknowledge this but finally posted:
“You may be repeatedly offered this update even though it is already installed. Microsoft is researching this problem and will post more information in this article when the information becomes available.”

MS13-073: Description of the security update for Microsoft Excel 2007 (xlconv-x-none.msp): September 10, 2013
(http://support.microsoft.com/kb/2760588/en-us)

MS13-072: Description of the security update for 2007 Office system (MSO): September 10, 2013
(http://support.microsoft.com/kb/2760411/en-us)

MS13-073: Description of the security update for Microsoft Office Excel 2007: September 10, 2013
(http://support.microsoft.com/kb/2760583/en-us)

This is a good thread for all the latest action – http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/updates-trying-to-install-over-and-over-again/2a624908-f4b1-46d8-87ed-caa09674ff4f

KB2817630 Denied

Update for Microsoft Office 2013 (KB2817630) This update was removed by Microsoft within 3 hours of its release last Tuesday – “Outlook 2013 Folder Pane Disappears After Installing September 2013 Public Update” (http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/outlook-folder-pane-disappears-after-installing-september-2013-public-update.aspx)
If you have machines that are not configured to use Kaseya Patch Management and KB2817630 was installed, the above link offers guidance.

Exploitability

• Publically disclosed: MS13-067
• Being exploited: None
• Rated CRITICAL: MS13-067, MS13-068, MS13-069, MS13-070
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers: Yes
• Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

	MS13-067 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)	(SharePoint Server) The most severe vulnerability could allow remote code execution in the context of the W3WP service account if an attacker sends specially crafted content to the affected server. Details KB in Kaseya: KB2553408, KB2760420, KB2760594, KB2760595, KB2760589, KB2760755, KB2810061, KB2810067, KB2817305, KB2817315, KB2817372, KB2817393 Affected Software: SharePoint Services 2.0/3.0,SharePoint Server 2007/2010/02013 Known Issues per MS: https://support.microsoft.com/kb/2834052
	MS13-068 Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)	(Outlook) The vulnerability could allow remote code execution if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. Details KB in Kaseya: KB2825999, KB2794707 Affected Software: Office 2007/2010 Known Issues per MS:
	MS13-069 Cumulative Security Update for Internet Explorer (2870699)	(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details KB in Kaseya: KB2870699 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-070 Vulnerability in OLE Could Allow Remote Code Execution (2876217)	(OLE) The vulnerability could allow remote code execution if a user opens a file that contains a specially crafted OLE object. Details KB in Kaseya: KB2876217 Affected Software: XP, Server 2003 Known Issues per MS:

IMPORTANT

	MS13-071 Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)	(Windows Theme File) The vulnerability could allow remote code execution if a user applies a specially crafted Windows theme on their system. Details KB in Kaseya: KB2864063 Affected Software: XP, Vista, Windows 8, Server 2003 Known Issues per MS:
	MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)	(Office) The most severe vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Office software. Details KB in Kaseya: KB2760411, KB2760769, KB2760823, KB2767773, KB2767913, KB2817474, KB2817682, KB2817683 Affected Software: Office 2003/2007/2010, Word Viewer, Office Compatibility Pack Known Issues per MS: https://support.microsoft.com/kb/2845537 and http://support.microsoft.com/kb/2760411/en-us
	MS13-073 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)	(Excel) The most severe vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software. Details KB in Kaseya: KB2760583, KB2760588, KB2760590, KB2760597, KB2768017, KB2810048, KB2877813 Affected Software: Office 2003/2007/2010/2013, Excel Viewer, Office Compatibility Pack, Office 2011 for MAC Known Issues per MS: https://support.microsoft.com/kb/2858300 and http://support.microsoft.com/kb/2760583/en-us and http://support.microsoft.com/kb/2760588/en-us
	MS13-074 Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)	(Access) The vulnerabilities could allow remote code execution if a user opens a specially crafted Access file with an affected version of Microsoft Access. Details KB in Kaseya: KB2596825, KB2687423, KB2810009 Affected Software: Office 2007/2010/2013 Known Issues per MS:
	MS13-075 Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)	(Office IME (Chinese)) The vulnerability could allow elevation of privilege if a logged on attacker launches Internet Explorer from the toolbar in Microsoft Pinyin IME for Simplified Chinese. Details KB in Kaseya: KB2687413 Affected Software: Office 2010 Known Issues per MS:
	MS13-076 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)	(Kernel-Mode Drivers) The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. Details KB in Kaseya: KB2876315 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-077 Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)	(Service Control Manager ) The vulnerability could allow elevation of privilege if an attacker convinces an authenticated user to execute a specially crafted application. Details KB in Kaseya: KB2872339 Affected Software: Server 2008 R2, Windows 7 Known Issues per MS: https://support.microsoft.com/kb/2872339
	MS13-078 Vulnerability in FrontPage Could Allow Information Disclosure (2825621)	(FrontPage) The vulnerability could allow information disclosure if a user opens a specially crafted FrontPage document. Details KB in Kaseya: KB2825621 Affected Software: Frontpage 2003 Known Issues per MS:
	MS13-079 Vulnerability in Active Directory Could Allow Denial of Service (2853587)	(Active Directory) The vulnerability could allow denial of service if an attacker sends a specially crafted query to the Lightweight Directory Access Protocol (LDAP) service. Details KB in Kaseya: KB2853587 Affected Software: Vista, Windows 7/8, Server 2008/2008R2/2012 Known Issues per MS: