Virtual Administrator’s December 2013 Patch Recommendations

10 Security Bulletins were released – 5 Critical, 5 Important, and 0 Moderate

This Month In Brief

11 Security Bulletins were released 5 Critical, 6 Important

We have decided to deny KB2887069 (MS13-101) at this time.

There are a number of reports that anti-virus can interfere with KB2887069’s installation and the update gets stuck during the installation process. We have decided to wait until the problem is corrected before allowing it in our patch policy. KB2887069 is rated Important and per Microsoft An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Of the 5 Critical patches this month MS13-096 and MS13-097 (KB2898785) should be your top priority. MS13-096 addresses what became known as the TIFF zero-day detailed in Microsoft Security Advisory (2896666). That vulnerability was discovered a few days before November’s Patch Tuesday and was not ready in time. MS13-097 patches a vulnerability in Internet Explorer 6, 7, 8, 9, 10, and 11. After your next patch cycle completes you should follow up and make sure these are installed.

For those keeping count Microsoft issued 106 total software update bulletins in 2013. This is up from the 83 we saw in 2012 but in line with the 100+ we’ve seen in previous years. So on average 100 bulletins per year is what we have seen and will most likely continue to see in upcoming years.

Exploitability

• Publically disclosed: None
• Being exploited: MS13-096, MS13-098, MS13-104, MS13-106
• Rated CRITICAL: MS13-096, MS13-097, MS13-098, MS13-099, MS13-100
• (The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating)

Requires Restart

• Servers: Yes
• Workstations: Yes

New Security Bulletins

(MS#/Affected Software/Type)

CRITICAL

	MS13-096 Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)	(GDI+) The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files. Details KB in Kaseya: KB2817641, KB2817670, KB2850047, KB2901674 Affected Software: Vista, Office 2003/2007/2010, Word/Excel Viewer, Office Compatibility Pack, Server 2008, Lync 2010/2013, Powerpoint Viewer 2010 Known Issues per MS:
	MS13-097 Cumulative Security Update for Internet Explorer (2898785)	(Internet Explorer) The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Details KB in Kaseya: KB2898785 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-098 Vulnerability in Windows Could Allow Remote Code Execution (2893294)	(Windows) The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system. Details KB in Kaseya: KB2893294 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-099 Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)	(Windows) The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. Details KB in Kaseya: KB2892074, KB2892075, KB2892076 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-100 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)	(SharePoint Server) These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. Details KB in Kaseya: KB2880833, KB2903903, KB2903911, KB2905616 Affected Software: Exchange 2007/2010/2013 Known Issues per MS: https://support.microsoft.com/kb/2915705

IMPORTANT

	MS13-101 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)	(Kernel-Mode Drivers) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. Details KB in Kaseya: KB2553298, KB2837629, KB2837631, KB2910228 Affected Software: SharePoint Server 2010/2013, Office 2013 Web Apps Known Issues per MS:
	MS13-102 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)	(LRPC) The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. Details KB in Kaseya: KB2887069, KB2893984 Affected Software: XP, Vista, Windows 7/8, Server 2003, Server 2008/2008R2/2012, Windows RT Known Issues per MS:
	MS13-103 Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)	(ASP.NET SignalR) The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user. Details KB in Kaseya: KB2898715 Affected Software: XP,Server 2003 Known Issues per MS:
	MS13-104 Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)	(Office) An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site. Details KB in Kaseya: KB2903566, KB2903919 Affected Software: ASP.NET SignalR, Visual Studio TFS 2013 Known Issues per MS:
	MS13-106 Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)	(Office) The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. Details KB in Kaseya: KB2850064 Affected Software: Office 2013/2013RT Known Issues per MS: