
It is that time of the month again, Microsoft’s Patch Tuesday, where they release a group of security patches and bugfixes through Windows Update. Make sure you have your updates set to automatic, or be sure to manually check for them after these roll out. For the IT admin, it’s that time of month to do your testing and roll them out to your workstations!

Security Patches

This month’s updates affect various versions of Windows, Office, Visual Studio, Lync, Internet Explorer, and Windows Defender, as well as the .NET Framework and Silverlight. All but one may require a restart of the computer after installation.

MS13-052/KB2861561 – Vulnerabilities in .NET Framework and Silverlight

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Server 2003, 2008, 2008 R2 and 2012, including Server Core installations; Microsoft Silverlight 5 and Silverlight 5 Developer Runtime when installed on Windows clients, Windows servers and Mac systems). This update addresses seven vulnerabilities in the .NET Framework and Silverlight on all supported versions of Windows, which could allow remote code execution if a trusted application uses a particular code pattern. It is rated critical for later versions of .NET Framework and important for some earlier versions. A restart may be required after installation.

MS13-053/KB2850851 – Vulnerabilities in Windows Kernel-Mode Drivers

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 and 2012, including Server Core installations). This update is rated critical and affects all supported versions and editions of Microsoft Windows. It addresses eight vulnerabilities, based on the way Windows handles TrueType font (TTF) files and objects in memory. An exploit could result in remote code execution if a user views shared content with embedded TTF files. A restart may be required after installation.

MS13-054/KB2848295 – Vulnerability in GDI+

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 and 2012, including Server Core installations; Microsoft Office 2003, 2007 and 2010, Visual Studio .NET 2003 and Lync 2010 and 2013). This update addresses one vulnerability in Windows, Office, Visual Studio, and Lync, which could allow remote code execution if a user views shared content that embeds TrueType font (TTF) files. It’s rated critical for Windows and Lync, and important for Office and Visual Studio. It does not affect Office 2013/2013 RT, nor Visual Studio versions 2005 and later. It also does not affect Communicator, Live Communications Server, Speech Server, Live Meeting Console, Lync 2010, Lync Web Access, or Lync for Mac 2011. A restart may be required after installation.

MS13-055/KB2846071 – Cumulative Security Update for Internet Explorer

(Internet Explorer 6, 7, 8, 9 and 10 running on all supported versions and editions of Microsoft Windows). This update addresses seventeen vulnerabilities that impact all supported versions of IE, the most severe of which could allow remote code execution upon viewing of a specially crafted web page in IE. It needs to be applied on all machines except those running Server Core installations. Rating is critical for Windows clients and moderate for Windows servers. A restart is required after installation.

MS13-056/KB2845187 – Vulnerability in Microsoft DirectShow

(Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008, 2008 R2 SP1 and 2012). This update addresses one vulnerability in the way the DirectShow component opens GIF files, which could allow remote code execution if a specially crafted GIF image file is opened. This vulnerability does not affect Windows RT, Windows Server 2008, and 2008 R2 for Itanium-based systems, or Server Core installations. A restart may be required after installation.

MS13-057/KB2847883 – Vulnerability in Windows Media Format Runtime

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 SP1 and 2012). This update addresses one vulnerability in the way Windows Media Player opens certain media files, which could allow remote code execution if a specially crafted media file is opened. This vulnerability does not affect Windows Server 2008 and 2008 R2 for Itanium-based systems, or Server Core installations. A restart may be required after installation.

MS13-058/KB2847927 – Vulnerability in Windows Defender

(Windows 7 and Windows Server 2008 R2). This update addresses one vulnerability in Windows Defender running on Windows 7 or Windows Server 2008 R2 and the way it uses pathnames, which could allow elevation of privilege by which an attacker could take control of the system. However, the attacker must obtain valid logon credentials in order to exploit the vulnerability, thus it’s rated important. No restart is required.

Other Updates/Releases

KB2607607 – Language packs for Windows 8 and Windows RT. New language packs are available for Windows 8/RT for the following languages: Turkmen, Maori, Kannada, Norwegian, Konkani, Irish, Maltese, Urdu, Tatar, Assamese, Bangla.

KB2829104 – Telugu characters not displayed correctly in Nirmala UI font. (Windows 7 and Windows Server 2008 R2). This update addresses a problem of incorrect character display in Word 2013 on a computer running Windows 7 or Server 2008 R2.

KB2836945 – Update for .NET Framework 2.0 SP2. (Windows Server 2008 SP2). This update resolves two issues with ASP.NET based web pages.

KB2855336 – Update Rollup. (Windows 8, Windows RT and Server 2012). This update addresses an issue that can result in SD cards no longer being detected if the system transitions between different power states, along with nineteen other issues affecting these operating systems.

KB2859541 – Update to support new camera models. (Windows 8, Windows RT). This update adds codecs to provide support for seventeen new models of cameras from Canon, Epson, Nikon, Olympus, Panasonic, Pentax and Sony.

KB890830 – Windows Malicious Software Removal Tool – July 2013 (Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008, 2008 R2, and 2012). This is the regular monthly updated version of the Malicious Software Removal Tool (MSRT).

Windows 8.1 Preview Updates

The following updates were also released for those of you running Windows 8.1 Preview:
• KB2863147: No notification about the expiration date of Windows 8.1 Preview
• KB2865946: Smart card PIN disclosure after an automatic restart for Windows Update in Windows 8.1 Preview
• KB2866512: Internet Explorer 11 Preview freezes or crashes while loading a webpage that contains widgets
• KB2866518: Can’t view OWA inbox in Internet Explorer 11 Preview
• KB2866537: Windows Store app instability after an app update in Windows 8.1 Preview