Microsoft Security Bulletin Re-Releases/Advisories

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: June 12, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-020 - Critical
* MS12-025 - Critical

Bulletin Information:
=====================

* MS12-020 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-020
- Reason for Revision: V2.0 (June 12, 2012): Bulletin rereleased to
reoffer security update KB2667402 on all supported editions of
Windows 7 and Windows Server 2008 R2. Customers using Windows 7
or Windows Server 2008 R2, including those who have already
successfully installed the update originally offered on
March 13, 2012, should install the reoffered update. See the
Update FAQ for details.
- Originally posted: March 13, 2012
- Updated: June 12, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-025 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-025
- Reason for Revision: V2.0 (June 12, 2012): Bulletin rereleased to
reoffer the update for all affected software. Customers who have
already successfully installed the update originally offered on
April 10, 2012 are encouraged to install the reoffered update.
See the Update FAQ for details.
- Originally posted: April 10, 2012
- Updated: June 12, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

 

Microsoft Security Bulletin(s) for July 10, 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-jul

Critical (3)

Microsoft Security Bulletin MS12-043 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-043

Microsoft Security Bulletin MS12-044 - Critical
Cumulative Security Update for Internet Explorer (2719177)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-044

Microsoft Security Bulletin MS12-045 - Critical
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-045

Important (6)

Microsoft Security Bulletin MS12-046 - Important
Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-046

Microsoft Security Bulletin MS12-047 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-047

Microsoft Security Bulletin MS12-048 - Important
Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-048

Microsoft Security Bulletin MS12-049 - Important
Vulnerability in TLS Could Allow Information Disclosure (2655992)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-049

Microsoft Security Bulletin MS12-050 - Important
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)
Published: Tuesday, July 10, 2012 | Updated: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-050

Microsoft Security Bulletin MS12-051 - Important
Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)
Published: Tuesday, July 10, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-051

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Minor Revisions
Issued: July 10, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.


* MS11-044 - Critical
* MS11-078 - Critical
* MS11-100 - Critical
* MS12-016 - Critical
* MS12-035 - Critical
* MS12-036 - Critical
* MS12-050 - Important
* MS12-JUL



Bulletin Information:
=====================

* MS11-044 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-044
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2518864 for Microsoft .NET Framework 2.0 Service Pack 2 and
Microsoft .NET Framework 3.5 Service Pack 1 to correct an
offering issue. There were no changes to the security update
files. Customers who have already successfully updated their
systems do not need to take any action.
- Originally posted: June 14, 2011
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS11-078 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-078
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2572073 for Microsoft .NET Framework 2.0 Service Pack 2 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: October 11, 2011
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS11-100 - Critical

- http://technet.microsoft.com/security/bulletin/ms11-100
- Reason for Revision: V1.6 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2657424 for Microsoft .NET Framework 3.5 Service Pack 1 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: December 29, 2011
- Updated: Tuesday, July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.6

* MS12-016 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-016
- Reason for Revision: V1.3 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2633880 for Microsoft .NET Framework 2.0 Service Pack 2 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: February 14, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS12-035 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-035
- Reason for Revision: V2.2 (July 10, 2012): Microsoft revised
this bulletin to communicate a minor detection change for
KB2604111 for Microsoft .NET Framework 3.5 Service Pack 1 to
correct an offering issue. There were no changes to the security
update files. Customers who have already successfully updated
their systems do not need to take any action.
- Originally posted: May 08, 2012
- Updated: Tuesday, July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 2.2

* MS12-036 - Critical

- http://technet.microsoft.com/security/bulletin/ms12-036
- Reason for Revision: V1.2 (July 10, 2012): Removed MS11-065 as
a bulletin replaced by the KB2685939 update for Windows XP
Service Pack 3, Windows XP Professional x64 Edition Service
Pack 2, Windows Server 2003 Service Pack 2, Windows Server
2003 x64 Edition Service Pack 2, and Windows Server 2003
with SP2 for Itanium-based Systems. This is an informational
change only. There were no changes to the detection logic or
the update files.
- Originally posted: June 12, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS12-050 - Important

- http://technet.microsoft.com/security/bulletin/ms12-050
- Reason for Revision: V1.1 (July 10, 2012): Downgraded the
severity rating for the SharePoint Search Scope Vulnerability,
CVE-2012-1860, from Important to Moderate for all affected
software. This is an informational change only.
- Originally posted: July 10, 2012
- Updated: July 10, 2012
- Bulletin Severity Rating: Important
- Version: 1.1

* MS12-JUL

- http://technet.microsoft.com/security/bulletin/ms12-JUL
- Reason for Revision: V1.1 (July 10, 2012): Removed
CVE-2012-1860 from the Exploitability Index because the
vulnerability has a Moderate severity rating. Only
vulnerabilities that have a severity rating of Critical or
Important in the bulletins are included in the
Exploitability Index.
- Originally posted: July 10, 2012
- Updated: July 10, 2012
- Version: 1.1

 

Microsoft Security Bulletin(s) for August 14 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-aug

Critical (5)

Microsoft Security Bulletin MS12-052
Cumulative Security Update for Internet Explorer (2722913)
http://technet.microsoft.com/en-us/security/bulletin/ms12-052

Microsoft Security Bulletin MS12-053
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
http://technet.microsoft.com/en-us/security/bulletin/ms12-053

Microsoft Security Bulletin MS12-054
Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
http://technet.microsoft.com/en-us/security/bulletin/ms12-054

Microsoft Security Bulletin MS12-060
Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
http://technet.microsoft.com/en-us/security/bulletin/ms12-060

Microsoft Security Bulletin MS12-058
Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)
http://technet.microsoft.com/en-us/security/bulletin/ms12-058



Important (4)

Microsoft Security Bulletin MS12-055
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)
http://technet.microsoft.com/en-us/security/bulletin/ms12-055

Microsoft Security Bulletin MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)
http://technet.microsoft.com/en-us/security/bulletin/ms12-056

Microsoft Security Bulletin MS12-057
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879)
http://technet.microsoft.com/en-us/security/bulletin/ms12-057

Microsoft Security Bulletin MS12-059
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918)
http://technet.microsoft.com/en-us/security/bulletin/ms12-059


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin(s) for September 11 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-sep

Critical (0)


Important (2)


Microsoft Security Bulletin MS12-061 - Important

Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)

Published: Tuesday, September 11, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-061



Microsoft Security Bulletin MS12-062 - Important

Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)

Published: Tuesday, September 11, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-062


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft out-of-band security bulletin September 21, 2012

Microsoft Security Bulletin MS12-063 - Critical

Cumulative Security Update for Internet Explorer (2744842)

Published: Friday, September 21, 2012

Version: 1.0


General Information

Executive Summary

This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2757760.
http://technet.microsoft.com/en-us/security/advisory/2757760

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Known Issues. None

http://technet.microsoft.com/en-us/security/bulletin/ms12-063

 

Security Advisory 2755801 addresses Adobe Flash Player issues - MSRC - Site Home - TechNet Blogs:
http://blogs.technet.com/b/msrc/arc...5801-addresses-adobe-flash-player-issues.aspx

Today we released Security Advisory 2755801
http://technet.microsoft.com/en-us/security/advisory/2755801
that
addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10
on Windows 8. The majority of customers have automatic updates enabled
and will not need to take any action because protections will be
downloaded and installed automatically. Customers who do not use
automatic updates should apply the guidance in the advisory immediately
using update management software, or by checking the Microsoft Update
service, to help ensure protection.

We recognize there has been some discussion about our update process as
it relates to Adobe Flash Player. Microsoft is committed to taking the
appropriate actions to help protect our customers and we are working
closely with Adobe to deliver quality protections that are aligned with
Adobe’s update process.

With respect to Adobe Flash Player in Internet Explorer 10, customers
can expect the following:

* On a quarterly basis when Adobe normally issues Flash Player
updates, we will coordinate on disclosure and release timing.
* When the threat landscape requires action outside of Adobe’s normal
update cadence, we will also work to align our release schedules.
For example, this may mean that in some cases we will issue updates
outside of our regular monthly security bulletin release.

As always, we recommend customers visit the Advisory for more
information and make sure the update is deployed as soon as possible to
help ensure that they are protected.

Yunsun Wee
Director
Microsoft Trustworthy Computing

 

Microsoft Security Bulletin(s) for October 9 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct



Critical (1)
Microsoft Security Bulletin MS12-064
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
http://technet.microsoft.com/en-us/security/bulletin/ms12-064


Important (6)
Microsoft Security Bulletin MS12-065
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
http://technet.microsoft.com/en-us/security/bulletin/ms12-065


Microsoft Security Bulletin MS12-066
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
http://technet.microsoft.com/en-us/security/bulletin/ms12-066

Microsoft Security Bulletin MS12-067
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
http://technet.microsoft.com/en-us/security/bulletin/ms12-067

Microsoft Security Bulletin MS12-068
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
http://technet.microsoft.com/en-us/security/bulletin/ms12-068

Microsoft Security Bulletin MS12-069
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
http://technet.microsoft.com/en-us/security/bulletin/ms12-069

Microsoft Security Bulletin MS12-070
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
http://technet.microsoft.com/en-us/security/bulletin/ms12-070



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Re-Releases - Oct. 9, 2012
Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-043 - Critical
* MS12-053 - Critical
* MS12-054 - Critical
* MS12-055 - Important
* MS12-058 - Critical
* MS12-JUL
* MS12-AUG

Bulletin Information:

* MS12-043 - Critical
http://technet.microsoft.com/security/bulletin/MS12-043

- Reason for Revision: V3.0 (October 9, 2012): Added Microsoft
XML Core Services 4.0 when installed on supported editions of
Windows 8 and Windows Server 2012 to affected software and
announced a corresponding detection change for the KB2721691
update package. Customers who have installed Microsoft XML
Core Services 4.0 on systems running Windows 8 or Windows
Server 2012 need to install the KB2721691 update to be
protected from the vulnerability described in this bulletin.
See the update FAQ for details.
- Originally posted: July 10, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 3.0

* MS12-053 - Critical
http://technet.microsoft.com/security/bulletin/MS12-053

- Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
to offer the rerelease of the KB723135 update for Windows XP.
Customers need to apply the rereleased update packages to
avoid an issue with digital certificates described in
Microsoft Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-054 - Critical
http://technet.microsoft.com/security/bulletin/MS12-054

- Reason for Revision: V2.0 (October 9, 2012): Revised
bulletin to offer the rerelease of the KB2705219 update
for Windows XP, Windows Server 2003, Windows Vista, Windows
Server 2008, Windows 7, and Windows Server 2008 R2. Customers
need to apply the rereleased update packages to avoid an issue
with digital certificates described in Microsoft Security
Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-055 - Important
http://technet.microsoft.com/security/bulletin/MS12-055

- Reason for Revision: V2.0 (October 9, 2012): Revised
bulletin to offer the rerelease of the KB2731847 update
for Windows XP, Windows Server 2003, Windows Vista, Windows
Server 2008, Windows 7, and Windows Server 2008 R2. Customers
need to apply the rereleased update packages to avoid an
issue with digital certificates described in Microsoft
Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-058 - Critical
http://technet.microsoft.com/security/bulletin/MS12-058

- Reason for Revision: V2.0 (October 9, 2012): Revised bulletin
to offer the rerelease of updates for Microsoft Exchange Server
2007 Service Pack 3 (KB2756496), Microsoft Exchange Server 2010
Service Pack 1 (KB2756497), and Microsoft Exchange Server 2010
Service Pack 2 (KB2756485). Customers need to apply the
rereleased updates to avoid an issue with digital certificates
described in Microsoft Security Advisory 2749655.
- Originally posted: August 14, 2012
- Updated: October 9, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-JUL
http://technet.microsoft.com/en-us/security/bulletin/ms12-043

- Reason for Revision: V3.0 (October 9, 2012): For MS12-043,
added Microsoft XML Core Services 4.0 when installed on
supported editions of Windows 8 and Windows Server 2012
to affected software. See the MS12-043 bulletin for details.
- Originally posted: July 10, 2012
- Updated: October 9, 2012
- Version: 3.0

* MS12-AUG
http://technet.microsoft.com/security/bulletin/ms12-JUL

- Reason for Revision: V2.0 (October 9, 2012): Bulletin
Summary revised to coincide with the rerelease of update
packages in MS12-053, MS12-054, MS12-055, and MS12-058.
Customers need to apply the rereleased update packages
to avoid an issue with digital certificates described in
Microsoft Security Advisory 2749655. See the bulletins
for more information.
- Updated: October 9, 2012
- Version: 3.0

 

Microsoft Security Bulletin Minor Revisions - Oct 23, 2012
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-043
* MS12-066
* MS12-OCT

Bulletin Information:
=====================

* MS12-043 - Important

http://technet.microsoft.com/security/bulletin/ms12-043
- Reason for Revision: V3.1 (October 23, 2012): Added the
KB2721691 update to the Bulletin FAQ that explains which
updates are available for Windows 8 Release Preview and
Windows Server 2012 Release Candidate.
- Originally posted: July 10, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Critical
- Version: 3.1

* MS12-066 - Important

http://technet.microsoft.com/security/bulletin/ms12-066
- Reason for Revision: V1.3 (October 23, 2012): Added Microsoft
Windows SharePoint Services 3.0 Service Pack 3 (32-bit version)
and Microsoft Windows SharePoint Services 3.0 Service Pack 3
(64-bit version) to the Affected Software section. This is a
bulletin change only. There were no changes to the detection
logic or security update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Bulletin Severity Rating: Important
- Version: 1.3

* MS12-OCT

http://technet.microsoft.com/security/bulletin/ms12-oct
- Reason for Revision: V1.3 (October 23, 2012): For MS12-066,
added Microsoft Windows SharePoint Services 3.0 Service Pack 3
(32-bit version) and Microsoft Windows SharePoint Services 3.0
Service Pack 3 (64-bit version) to the Affected Software and
Download Locations section. This is an informational change
only. There were no changes to the detection logic or security
update files.
- Originally posted: October 9, 2012
- Updated: October 23, 2012
- Version: 1.3

 

Microsoft Security Bulletin(s) for November 13 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms12-NOV


Critical (4)

Microsoft Security Bulletin MS12-071 - Critical
Cumulative Security Update for Internet Explorer (2761451)
Published: Tuesday, November 13, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-071


Microsoft Security Bulletin MS12-072 - Critical
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
Published: Tuesday, November 13, 2012
https://technet.microsoft.com/en-us/security/bulletin/ms12-072


Microsoft Security Bulletin MS12-074 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
Published: Tuesday, November 13, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-074


Microsoft Security Bulletin MS12-075 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
Published: Tuesday, November 13, 2012
https://technet.microsoft.com/en-us/security/bulletin/ms12-075



Important (1)

Microsoft Security Bulletin MS12-076 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
Published: Tuesday, November 13, 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-076

Moderate (1)

Microsoft Security Bulletin MS12-073 - Moderate
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)
Published: Tuesday, November 13, 2012
https://technet.microsoft.com/en-us/security/bulletin/ms12-073




Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: December 11, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-043 - Critical
* MS12-050 - Important
* MS12-057 - Important
* MS12-059 - Important
* MS12-060 - Important
* MS12-JUL
* MS12-AUG


Bulletin Information:
=====================

* MS12-043 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-043
- Reason for Revision: V4.0 (December 11, 2012): Rereleased
bulletin to replace the KB2687324 update with the KB2687627
update for Microsoft XML Core Services 5.0 when installed on
Microsoft Office 2003 Service Pack 3, and to replace the
KB2596679 update with the KB2687497 update for Microsoft XML
Core Services 5.0 when installed with all affected editions
of Microsoft Groove 2007, Microsoft Groove Server 2007, and
Microsoft Office SharePoint Server 2007. See the update
FAQ for details.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Critical
- Version: 4.0

* MS12-050 - Important

- http://technet.microsoft.com/security/bulletin/MS12-050
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
this bulletin to announce availability of an update for
Microsoft Windows SharePoint Services 2.0. No other update
packages are affected by this rerelease.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-057 - Important

- http://technet.microsoft.com/security/bulletin/MS12-057
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2553260 and KB2589322 updates
with the KB2687501 and KB2687510 updates respectively for
Microsoft Office 2010 Service Pack 1. See the update FAQ
for details.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-059 - Important

- http://technet.microsoft.com/security/bulletin/MS12-059
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2597171 update with the
KB2687508 update for all affected editions of Microsoft
Visio 2010.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-060 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-060
- Reason for Revision: V2.0 (December 11, 2012): Rereleased
bulletin to replace the KB2687323 update with the
KB2726929 update for Windows common controls on all
affected variants of Microsoft Office 2003, Microsoft
Office 2003 Web Components, and Microsoft SQL Server 2005.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Bulletin Severity Rating: Important
- Version: 2.0

* MS12-Jul

- http://technet.microsoft.com/security/bulletin/ms12-Jul
- Reason for Revision: V5.0 (December 11, 2012): For MS12-043,
replaced the KB2687324 update with the KB2687627 update for
Microsoft XML Core Services 5.0 when installed on Microsoft
Office 2003 Service Pack 3, and replaced the KB2596679 update
with the KB2687497 update for Microsoft XML Core Services 5.0
when installed with all affected editions of Microsoft Groove
2007, Microsoft Groove Server 2007, and Microsoft Office
SharePoint Server 2007. See the MS12-043 bulletin for details.
- Originally posted: July 10, 2012
- Updated: December 11, 2012
- Version: 5.0

* MS12-Aug

- http://technet.microsoft.com/security/bulletin/ms12-Aug
- Reason for Revision: V3.0 (December 11, 2012): For MS12-057,
replaced the KB2553260 and KB2589322 updates with the
KB2687501 and KB2687510 updates respectively for all affected
editions of Microsoft Office 2010. For MS12-059, replaced the
KB2597171 update with the KB2687508 update for all affected
editions of Microsoft Visio 2010. For MS12-060, replaced the
KB2687323 update with the KB2726929 update for Windows common
controls on all affected variants of Microsoft Office 2003,
Microsoft Office 2003 Web Components, and Microsoft SQL
Server 2005.
- Originally posted: August 14, 2012
- Updated: December 11, 2012
- Version: 3.0

 

Microsoft Security Bulletin(s) for December 11 2012
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms12-dec



Critical (5)

Microsoft Security Bulletin MS12-077
Cumulative Security Update for Internet Explorer (2761465)
http://technet.microsoft.com/en-us/security/bulletin/ms12-077

Microsoft Security Bulletin MS12-078
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
http://technet.microsoft.com/en-us/security/bulletin/ms12-078

Microsoft Security Bulletin MS12-079
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
http://technet.microsoft.com/en-us/security/bulletin/ms12-079

Microsoft Security Bulletin MS12-080
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
http://technet.microsoft.com/en-us/security/bulletin/ms12-080

Microsoft Security Bulletin MS12-081
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
http://technet.microsoft.com/en-us/security/bulletin/ms12-081





Important (2)

Microsoft Security Bulletin MS12-082
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
http://technet.microsoft.com/en-us/security/bulletin/ms12-082

Microsoft Security Bulletin MS12-083
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
http://technet.microsoft.com/en-us/security/bulletin/ms12-083






Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

: Microsoft Security Bulletin Re-Releases
Issued: December 20, 2012
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS12-078 - Critical
* MS12-dec


Bulletin Information:
=====================

* MS12-078 - Critical

- http://technet.microsoft.com/security/bulletin/MS12-078
- Reason for Revision: V2.0 (December 20, 2012): Rereleased
update KB2753842 to resolve an issue with OpenType fonts not
properly rendering after the original update was installed.
Customers who have successfully installed the original KB2753842
update need to install the rereleased update.
- Originally posted: December 11, 2012
- Updated: December 20, 2012
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS12-dec

- http://technet.microsoft.com/security/bulletin/ms12-dec
- Reason for Revision: V2.0 (December 20, 2012): For MS12-078,
rereleased update KB2753842 to resolve an issue with OpenType
fonts not properly rendering after the original update was
installed. Customers who have successfully installed the
original KB2753842 update need to install the rereleased update.
- Originally posted: December 11, 2012
- Updated: December 20, 2012
- Version: 2.0

 

Microsoft Security Advisory (2794220)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Saturday, December 29, 2012

Version: 1.0
http://technet.microsoft.com/en-us/security/advisory/2794220

 

Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
Published or Last Updated: Thursday, January 03, 2013

http://technet.microsoft.com/en-us/security/advisory/2798897

 

Microsoft Security Bulletin(s) for January 8 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Critical (2)
Microsoft Security Bulletin MS13-001
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
http://go.microsoft.com/fwlink/?LinkId=273848

Microsoft Security Bulletin MS13-002
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
http://go.microsoft.com/fwlink/?LinkId=264923

Important (5)
Microsoft Security Bulletin MS13-003
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
http://go.microsoft.com/fwlink/?LinkId=261863

Microsoft Security Bulletin MS13-004
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
http://go.microsoft.com/fwlink/?LinkId=268279

Microsoft Security Bulletin MS13-005
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
http://go.microsoft.com/fwlink/?LinkId=273826

Microsoft Security Bulletin MS13-006
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
http://go.microsoft.com/fwlink/?LinkId=273872

Microsoft Security Bulletin MS13-007 -
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
http://go.microsoft.com/fwlink/?LinkId=268284


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Advisory (973811)
Extended Protection for Authentication
Published or Last Updated: Tuesday, January 08, 2013
http://technet.microsoft.com/en-us/security/advisory/973811

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
Published or Last Updated: Tuesday, January 08, 2013
http://technet.microsoft.com/en-us/security/advisory/2755801

 

Out of band for IE security issue

 

Microsoft out-of-band security bulletin for January 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan

Critical (1)

Security Update for Internet Explorer (2799329)

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
http://technet.microsoft.com/en-us/security/advisory/2794220


Important (0)


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Title: Microsoft Security Bulletin Re-Releases
Issued: January 22, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-004 - Important
* MS13-jan


Bulletin Information:
=====================

* MS13-004 - Important

- http://technet.microsoft.com/security/bulletin/MS13-004
- Reason for Revision: V2.0 (January 22, 2013): Bulletin
rereleased to reoffer security update KB2756920 for Windows 7
and Windows Server 2008 R2 to systems that are running in
specific configurations known to have potential compatibility
issues. Customers who are reoffered the update should
reinstall this update. See the update FAQ for more
information.
- Originally posted: January 8, 2013
- Updated: January 22, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-jan

- http://technet.microsoft.com/security/bulletin/ms12-jan
- Reason for Revision: V3.0 (January 22, 2013): For MS13-004,
bulletin rereleased to reoffer the KB2756920 update for
Windows 7 and Windows Server 2008 R2 to systems that are
running in specific configurations known to have potential
compatibility issues. See the bulletin for more information.
- Originally posted: January 8, 2013
- Updated: January 22, 2013
- Version: 3.0


Other Information
=================

Follow us on Twitter for the latest information and updates:
http://twitter.com/msftsecresponse

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, it is not required to read
security notifications, security bulletins, security advisories, or
install security updates. You can obtain the MSRC public PGP key at
https://technet.microsoft.com/security/bulletin/pgp.

 

Microsoft Security Bulletin Minor Revisions - Jan 30, 2013
Summary
=======
The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS12-043
* MS12-057
* MS12-060

Bulletin Information:
=====================

* MS12-043 - Critical
http://technet.microsoft.com/security/bulletin/ms12-043
- Reason for Revision: V4.1 (January 30, 2013): Clarified that
customers with the KB2687324 and KB2596679 updates will be
offered the KB2687627 and KB2687497 updates respectively for
Microsoft XML Core Services 5.0. See the update FAQ for
details.
- Originally posted: July 10, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Critical
- Version: 4.1

* MS12-057 - Important
http://technet.microsoft.com/security/bulletin/ms12-057

- Reason for Revision: V2.1 (January 30, 2013): Clarified
that customers with the KB2553260 and KB2589322 updates
will be offered the KB2687501 and KB2687510 updates
respectively for Microsoft Office 2010 Service Pack 1.
See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Important
- Version: 2.1

* MS12-060 - Critical

http://technet.microsoft.com/security/bulletin/ms12-060
- Reason for Revision: V2.1 (January 30, 2013): Clarified
that customers with the KB2687323 update will be offered
the KB2726929 update for Windows common controls on all
affected variants of Microsoft Office 2003, Microsoft Office
2003 Web Components, and Microsoft SQL Server 2005.
See the update FAQ for details.
- Originally posted: August 14, 2012
- Updated: January 30, 2013
- Bulletin Severity Rating: Critical
- Version: 2.1

 

Microsoft Security Bulletin(s) for February 12, 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb


Critical (5)
Microsoft Security Bulletin MS13-009
Cumulative Security Update for Internet Explorer (2792100)
http://technet.microsoft.com/en-us/security/bulletin/ms13-009

Microsoft Security Bulletin MS13-010
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
http://technet.microsoft.com/en-us/security/bulletin/ms13-010

Microsoft Security Bulletin MS13-011
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
http://technet.microsoft.com/en-us/security/bulletin/ms13-011

Microsoft Security Bulletin MS13-012
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
http://technet.microsoft.com/en-us/security/bulletin/ms13-012

Microsoft Security Bulletin MS13-020
Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
http://technet.microsoft.com/en-us/security/bulletin/ms13-020


Important (7)
Microsoft Security Bulletin MS13-013
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
http://technet.microsoft.com/en-us/security/bulletin/ms13-013

Microsoft Security Bulletin MS13-014
Vulnerability in NFS Server Could Allow Denial of Service (2790978)
http://technet.microsoft.com/en-us/security/bulletin/ms13-014

Microsoft Security Bulletin MS13-015
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
http://technet.microsoft.com/en-us/security/bulletin/ms13-015

Microsoft Security Bulletin MS13-016
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
http://technet.microsoft.com/en-us/security/bulletin/ms13-016

Microsoft Security Bulletin MS13-017
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
http://technet.microsoft.com/en-us/security/bulletin/ms13-017

Microsoft Security Bulletin MS13-018
Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
http://technet.microsoft.com/en-us/security/bulletin/ms13-018

Microsoft Security Bulletin MS13-019
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
http://technet.microsoft.com/en-us/security/bulletin/ms13-019

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - Feb 13, 2013
Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS13-012
* MS13-020
* MS13-feb

Bulletin Information:

* MS13-012 - Critical

http://technet.microsoft.com/security/bulletin/ms13-012
- Reason for Revision: V1.1 (February 13, 2013): Clarified that
Microsoft Exchange Server 2010 Service Pack 3 is not affected
by the vulnerabilities described in this bulletin. This is
an informational change only.
- Originally posted: February 12, 2013
- Updated: February 13, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-020 - Critical

http://technet.microsoft.com/security/bulletin/ms13-020
- Reason for Revision: V1.1 (February 13, 2012): Clarified
in the vulnerability FAQ what systems are primarily at risk
for CVE-2013-1313. This is an informational change only.
- Originally posted: February 12, 2013
- Updated: February 13, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-feb

http://technet.microsoft.com/security/bulletin/ms13-feb
- Reason for Revision: V1.2 (February 13, 2013): For
MS13-014, corrected the Exploitability Assessment for
Latest Software Release in the Exploitability Index for
CVE-2013-1281.
- Originally posted: February 12, 2013
- Updated: February 13, 2013
- Version: 1.2

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: March 12, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-003 - Important
* MS13-jan


Bulletin Information:
=====================

* MS13-003 - Important

- http://technet.microsoft.com/security/bulletin/MS13-003
- Reason for Revision: V2.0 (March 12, 2013): Rereleased this
bulletin to announce availability of an update for Microsoft
System Center Operations Manager 2007 Service Pack 1. No other
update packages are affected by this rerelease.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-jan

- http://technet.microsoft.com/security/bulletin/ms12-jan
- Reason for Revision: V4.0 (March 12, 2013): For MS13-003,
bulletin rereleased to announce the availability of an update for
Microsoft System Center Operations Manager 2007 Service Pack 1.
No other update packages are affected by this rerelease. See the
bulletin for more information.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Version: 4.0

 

Microsoft security bulletin for March 12 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar


Critical (4)

Microsoft Security Bulletin MS13-021 - Critical
Cumulative Security Update for Internet Explorer (2809289)
https://technet.microsoft.com/en-us/security/bulletin/ms13-021

Microsoft Security Bulletin MS13-022 - Critical
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
http://technet.microsoft.com/en-us/security/bulletin/ms13-022

Microsoft Security Bulletin MS13-023 - Critical
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
http://technet.microsoft.com/en-us/security/bulletin/ms13-023

Microsoft Security Bulletin MS13-024 - Critical
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
http://technet.microsoft.com/en-us/security/bulletin/ms13-024



Important (3)
Microsoft Security Bulletin MS13-025- important
Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
http://go.microsoft.com/fwlink/?LinkId=282355

Microsoft Security Bulletin MS13-026-important
Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
http://go.microsoft.com/fwlink/?LinkId=280673

Microsoft Security Bulletin MS13-027 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
http://technet.microsoft.com/en-us/security/bulletin/MS13-027


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: March 12, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-003 - Important
* MS13-jan


Bulletin Information:
=====================

* MS13-003 - Important

- http://technet.microsoft.com/security/bulletin/MS13-003
- Reason for Revision: V2.0 (March 12, 2013): Rereleased this
bulletin to announce availability of an update for Microsoft
System Center Operations Manager 2007 Service Pack 1. No other
update packages are affected by this rerelease.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-jan

- http://technet.microsoft.com/security/bulletin/ms12-jan
- Reason for Revision: V4.0 (March 12, 2013): For MS13-003,
bulletin rereleased to announce the availability of an update for
Microsoft System Center Operations Manager 2007 Service Pack 1.
No other update packages are affected by this rerelease. See the
bulletin for more information.
- Originally posted: January 8, 2013
- Updated: March 12, 2013
- Version: 4.0

 

Microsoft Security Advisory (2819682)

Security Updates for Microsoft Windows Store Applications

Published: Tuesday, March 26, 2013

Version: 1.0


Executive Summary

Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update.

Latest Security Updates

Security Update 2832006 for Windows Modern Mail

On March 26, 2013, Microsoft released a security update on the Windows Store for Windows Modern Mail. Microsoft recommends that customers running this software apply the update as soon as possible using the Windows Store Apps update feature. For more information about this update, see Microsoft Knowledge Base Article 2832006.
http://technet.microsoft.com/en-us/security/advisory/2819682

 

Microsoft Security Bulletin Minor Revisions - April 3, 2013
Summary

The following bulletins have undergone minor revision increments.
Please see the bulletin for more details.

* MS13-007
* MS13-022

Bulletin Information:


* MS13-007 - Important
http://technet.microsoft.com/security/bulletin/ms13-007
- Reason for Revision: V1.1 (April 3, 2013): Added a mitigation
to CVE-2013-0005 for systems running Windows Server 2012.
- Originally posted: January 8, 2013
- Updated: April 3, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-022 - Important
http://technet.microsoft.com/security/bulletin/ms13-022
- Reason for Revision: V1.2 (April 3, 2013): Updated the Known
Issues entry in the Knowledge Base Article section from "None"
to "Yes" and clarified that installing the update will upgrade
previous versions of Silverlight to Silverlight version
5.1.20125.0.
- Originally posted: March 12, 2013
- Updated: April 3, 2013
- Bulletin Severity Rating: Important
- Version: 1.2
--

 

Microsoft security bulletin for April 9 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr


Critical (2)
Microsoft Security Bulletin MS13-028
Cumulative Security Update for Internet Explorer (2817183)
http://technet.microsoft.com/en-us/security/bulletin/ms13-028

Microsoft Security Bulletin MS13-029
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
http://technet.microsoft.com/en-us/security/bulletin/ms13-029


Important (7)
Microsoft Security Bulletin MS13-030
Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
http://technet.microsoft.com/en-us/security/bulletin/ms13-030

Microsoft Security Bulletin MS13-031
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
http://technet.microsoft.com/en-us/security/bulletin/ms13-031

Microsoft Security Bulletin MS13-032
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
http://technet.microsoft.com/en-us/security/bulletin/ms13-032

Microsoft Security Bulletin MS13-033
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
http://technet.microsoft.com/en-us/security/bulletin/ms13-033

Microsoft Security Bulletin MS13-034
Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
http://technet.microsoft.com/en-us/security/bulletin/ms13-034

Microsoft Security Bulletin MS13-035
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
http://technet.microsoft.com/en-us/security/bulletin/ms13-035

Microsoft Security Bulletin MS13-036
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
http://technet.microsoft.com/en-us/security/bulletin/ms13-036

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - Apr 10, 2013
Summary

The following bulletins have undergone minor revision increments.
Please see the bulletin for more details.

* MS13-029
* MS13-apr

Bulletin Information:

* MS13-029 - Critical
http://technet.microsoft.com/security/bulletin/ms13-029

- Reason for Revision: V1.1 (April 10, 2013): Corrected the
version number for Remote Desktop Connection Client on
Windows 7 Service Pack 1 and Windows Server 2008 R2 Service
Pack 1 from 7.0 to 7.1. This is an informational change only.
There were no changes to security update files.
- Originally posted: April 9, 2013
- Updated: April 10, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-apr
http://technet.microsoft.com/security/bulletin/ms13-apr
- Reason for Revision: V1.1 (April 10, 2013): For MS13-029,
corrected the version number for Remote Desktop Connection
Client on Windows 7 Service Pack 1 and Windows Server 2008
R2 Service Pack 1 from 7.0 to 7.1. This is an informational
change only. There were no changes to security update files.
- Originally posted: April 9, 2013
- Updated: April 10, 2013
- Version: 1.1

 

Microsoft Security Advisory (2847140)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: Friday, May 03, 2013

Version: 1.0


General Information

Executive Summary

Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability.

Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.

This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the guidance in the Microsoft Safety & Security Center of enabling a firewall, applying all software updates, and installing antimalware software.
https://technet.microsoft.com/en-us/security/advisory/2847140

 

Microsoft security bulletin for may 14 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-may


Critical (2)
Microsoft Security Bulletin MS13-037
Cumulative Security Update for Internet Explorer (2829530)
https://technet.microsoft.com/security/bulletin/ms13-037

Microsoft Security Bulletin MS13-038
Security Update for Internet Explorer (2847204)
https://technet.microsoft.com/security/bulletin/ms13-038


Important (8)
Microsoft Security Bulletin MS13-039
Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
https://technet.microsoft.com/security/bulletin/MS13-039

Microsoft Security Bulletin MS13-040
Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
http://technet.microsoft.com/security/bulletin/MS13-040

Microsoft Security Bulletin MS13-041
Vulnerability in Lync Could Allow Remote Code Execution (2834695)
https://technet.microsoft.com/security/bulletin/ms13-041

Microsoft Security Bulletin MS13-042
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
https://technet.microsoft.com/security/bulletin/ms13-042

Microsoft Security Bulletin MS13-043
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
https://technet.microsoft.com/security/bulletin/ms13-043

Microsoft Security Bulletin MS13-044
Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
https://technet.microsoft.com/security/bulletin/ms13-044

Microsoft Security Bulletin MS13-045
Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
https://technet.microsoft.com/security/bulletin/ms13-045

Microsoft Security Bulletin MS13-046
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
https://technet.microsoft.com/security/bulletin/ms13-046


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - May 22, 2013
Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS12-081
* MS13-037
* MS13-MAY

Bulletin Information:

* MS12-081 - Critical

http://technet.microsoft.com/security/bulletin/ms12-081
- Reason for Revision: V1.1 (May 22, 2013): Added a link to
Microsoft Knowledge Base Article 2758857 under Known Issues
in the Executive Summary.
- Originally posted: December 11, 2012
- Updated: May 22, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-037 - Critical
http://technet.microsoft.com/security/bulletin/ms13-037

- Reason for Revision: V1.1 (May 22, 2013): Corrected the
Common Vulnerabilities and Exposures number for
CVE-2013-3140. This is an informational change only.
- Originally posted: May 14, 3013
- Updated: May 22, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-MAY

http://technet.microsoft.com/security/bulletin/ms13-MAY
- Reason for Revision: V1.1 (May 22, 2013): For MS13-037,
corrected the Common Vulnerabilities and Exposures number
for CVE-2013-3140. This is an informational change only.
- Originally posted: May 14, 3013
- Updated: May 22, 2013
- Version: 1.1

 

Microsoft security bulletin for June 11 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-047


Critical (1)
Microsoft Security Bulletin MS13-047
Cumulative Security Update for Internet Explorer (2838727)
http://technet.microsoft.com/en-us/security/bulletin/ms13-047


Important (4)
Microsoft Security Bulletin MS13-048
Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
http://technet.microsoft.com/en-us/security/bulletin/ms13-048

Microsoft Security Bulletin MS13-049
Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
http://technet.microsoft.com/en-us/security/bulletin/ms13-049

Microsoft Security Bulletin MS13-050
Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
http://technet.microsoft.com/en-us/security/bulletin/ms13-050

Microsoft Security Bulletin MS13-051
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
http://technet.microsoft.com/en-us/security/bulletin/ms13-051

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft security bulletin for July 9 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jul


Critical (6)
Microsoft Security Bulletin MS13-053 - Critical
Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
http://go.microsoft.com/fwlink/?LinkID=299844

Microsoft Security Bulletin MS13-054 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
https://technet.microsoft.com/en-us/security/bulletin/ms13-053

Microsoft Security Bulletin MS13-054 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
https://technet.microsoft.com/en-us/security/bulletin/ms13-054

Microsoft Security Bulletin MS13-055 - Critical
Cumulative Security Update for Internet Explorer (2846071)
https://technet.microsoft.com/en-us/security/bulletin/ms13-055

Microsoft Security Bulletin MS13-056 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
https://technet.microsoft.com/en-us/security/bulletin/ms13-056

Microsoft Security Bulletin MS13-057 - Critical
Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
https://technet.microsoft.com/en-us/security/bulletin/ms13-057




Important (1)
Microsoft Security Bulletin MS13-058 - Important
Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
https://technet.microsoft.com/en-us/security/bulletin/ms13-058

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft security bulletin for August 13 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
http://technet.microsoft.com/en-us/security/bulletin/ms13-aug


Critical (3)

Microsoft Security Bulletin MS13-059
Cumulative Security Update for Internet Explorer (2862772)
http://technet.microsoft.com/en-us/security/bulletin/ms13-059

Microsoft Security Bulletin MS13-060
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
http://technet.microsoft.com/en-us/security/bulletin/ms13-060

Microsoft Security Bulletin MS13-061
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
http://technet.microsoft.com/en-us/security/bulletin/ms13-061



Important (5)

Microsoft Security Bulletin MS13-062
Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
http://technet.microsoft.com/en-us/security/bulletin/ms13-062

Microsoft Security Bulletin MS13-063
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
http://technet.microsoft.com/en-us/security/bulletin/ms13-063

Microsoft Security Bulletin MS13-064
Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
http://technet.microsoft.com/en-us/security/bulletin/ms13-064

Microsoft Security Bulletin MS13-065
Vulnerability in ICMPv6 could allow Denial of Service (2868623)
http://technet.microsoft.com/en-us/security/bulletin/ms13-065

Microsoft Security Bulletin MS13-066
Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)
http://technet.microsoft.com/en-us/security/bulletin/ms13-066
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Title: Microsoft Security Bulletin Re-Releases
Issued: August 19, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-066 - Important
* MS13-aug


Bulletin Information:
=====================

* MS13-066 - Important

- https://technet.microsoft.com/security/bulletin/MS13-066
- Reason for Revision: V3.0 (August 19, 2013): Rereleased bulletin
to announce the reoffering of the 2843638 update for Active
Directory Federation Services 2.0 on Windows Server 2008
and Windows Server 2008 R2. See the Update FAQ for details.
- Originally posted: August 13, 2013
- Updated: August 19, 2013
- Bulletin Severity Rating: Important
- Version: 3.0

* MS13-aug

- https://technet.microsoft.com/security/bulletin/MS13-aug
- Reason for Revision: V2.0 (August 19, 2013): For MS13-066,
bulletin revised to announce the reoffering of the 2843638
update for Active Directory Federation Services 2.0 on
Windows Server 2008 and Windows Server 2008 R2. See the
bulletin for details.
- Originally posted: August 13, 2013
- Updated: August 19, 2013
- Version: 2.0

 

Title: Microsoft Security Bulletin Re-Releases
Issued: August 27, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-057 - Critical
* MS13-061 - Critical
* MS13-jul
* MS13-aug


Bulletin Information:
=====================

MS13-057 - Critical

- https://technet.microsoft.com/security/bulletin/MS13-057
- Reason for Revision: V3.0 (August 27, 2013): Bulletin revised to
rerelease security update 2803821 for Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008;
security update 2834902 for Windows XP and Windows Server 2003;
security update 2834903 for Windows XP; security update 2834904
for Windows XP and Windows Server 2003; and security update
2834905 for Windows XP. Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008 customers should install
the rereleased updates. See the Update FAQ for more information.
- Originally posted: July 9, 2013
- Updated: August 27, 2013
- Bulletin Severity Rating: Critical
- Version: 3.0

MS13-061 - Critical

- https://technet.microsoft.com/security/bulletin/MS13-061
- Reason for Revision: V3.0 (August 27, 2013): Rereleased bulletin
to announce the reoffering of the 2874216 update for Microsoft
Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange
Server 2013 Cumulative Update 2. See the Update FAQ for details.
- Originally posted: August 13, 2013
- Updated: August 27, 2013
- Bulletin Severity Rating: Critical
- Version: 3.0

* MS13-jul

- https://technet.microsoft.com/security/bulletin/ms13-jul
- Reason for Revision: V3.0 (August 27, 2013): For MS13-057,
bulletin revised to rerelease security update 2803821 for
Windows XP, Windows Server 2003, Windows Vista, and
Windows Server 2008; security update 2834902 for Windows XP and
Windows Server 2003; security update 2834903 for Windows XP;
security update 2834904 for Windows XP and Windows Server 2003;
and security update 2834905 for Windows XP. Windows XP,
Windows Server 2003, Windows Vista, and Windows Server 2008
customers should install the rereleased updates that apply to
their systems. See the bulletin for details.
- Originally posted: July 9, 2013
- Updated: August 27, 2013
- Version: 3.0

* MS13-aug

- https://technet.microsoft.com/security/bulletin/ms13-aug
- Reason for Revision: V3.0 (August 27, 2013): For MS13-061,
bulletin revised to announce the reoffering of the 2874216
update for Microsoft Exchange Server 2013 Cumulative Update 1
and Microsoft Exchange Server 2013 Cumulative Update 2.
See the bulletin for details
- Originally posted: August 13, 2013
- Updated: August 27, 2013
- Version: 3.0

 

Microsoft security bulletin for September 10 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).
http://technet.microsoft.com/en-us/security/bulletin/ms13-sep

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:



Critical (4)

Microsoft Security Bulletin MS13-067 - Critical
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
http://go.microsoft.com/fwlink/?LinkId=293350

Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
http://go.microsoft.com/fwlink/?LinkID=307055

Microsoft Security Bulletin MS13-069 - Critical
Cumulative Security Update for Internet Explorer (28706990)
https://technet.microsoft.com/en-us/security/bulletin/ms13-069

Microsoft Security Bulletin MS13-070 - Critical
Vulnerability in OLE Could Allow Remote Code Execution (2876217)
https://technet.microsoft.com/en-us/security/bulletin/ms13-070




Important (9)

Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
http://go.microsoft.com/fwlink/?LinkID=314046

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
http://go.microsoft.com/fwlink/?LinkId=299217

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
http://go.microsoft.com/fwlink/?LinkId=293351

Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
http://go.microsoft.com/fwlink/?LinkId=308989

Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
http://go.microsoft.com/fwlink/?LinkId=318022

Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
http://go.microsoft.com/fwlink/?LinkID=320624

Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
http://go.microsoft.com/fwlink/?LinkID=320630

Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
http://go.microsoft.com/fwlink/?LinkId=318021

Vulnerability in Active Directory Could Allow Denial of Service (2853587)
http://go.microsoft.com/fwlink/?LinkID=320666
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Advisory (2755801)

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Published: Friday, September 21, 2012 | Updated: Tuesday, September 10, 2013

Version: 15.0


General Information

Executive Summary

Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11.

Advisory Details

Current Update

Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered. Customers do not need to install previous updates as a prerequisite for installing the current update.
On September 10, 2013, Microsoft released an update (2880289) for Internet Explorer 10 on all supported editions of Windows 8, Windows Server 2012, and Windows RT. The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-21. For more information about this update, including download links, see Microsoft Knowledge Base Article 2880289.

Notes The update for Windows RT is available via Windows Update only.
The update is also available for Internet Explorer 11 Preview in Windows 8.1 Preview and Windows RT 8.1 Preview releases, as well as for Internet Explorer 11 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 releases. The update is available via Windows Update.

http://technet.microsoft.com/en-us/security/advisory/2755801

 

Microsoft Security Bulletin Minor Revisions - Sep 13, 2013

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-063
* MS13-067
* MS13-072
* MS13-073
* MS13-074

Bulletin Information:

* MS13-063 - Important

- »technet.microsoft.com/security/b···ms13-063
- Reason for Revision: V1.2 (September 13, 2013): Corrected
update replacement for all affected software excluding Windows XP
and Windows 8. This is an informational change only.
- Originally posted: August 13, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.2

* MS13-067 - Critical

https://technet.microsoft.com/security/bulletin/ms13-063
- Reason for Revision: V1.2 (September 13, 2013): Revised
bulletin to announce a detection change for the Excel Services
on Microsoft SharePoint Server 2007 update (2760589).
This is a detection change only. There were no changes to
the update files. Customers who have successfully installed
the update do not need to take any action.
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS13-072 - Important
https://technet.microsoft.com/security/bulletin/ms13-067

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce detection changes for the Microsoft
Office 2007 update (2760411) and the Microsoft Word 2010
update (2767913). These are detection changes only. There
were no changes to the update files. Customers who have
successfully installed the updates do not need to take
any action. Also updated the Known Issues entry in the
Knowledge Base Article section from "Yes" to "None".
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-073 - Important
https://technet.microsoft.com/security/bulletin/ms13-072

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce detection changes for the Microsoft
Excel 2003 update (2810048), Microsoft Excel 2007 update
(2760583), Microsoft Office Excel Viewer update (2760590),
and Microsoft Office Compatibility Pack update (2760588).
These are detection changes only. There were no changes
to the update files. Customers who have successfully
installed the updates do not need to take any action.
Also updated the Known Issues entry in the Knowledge
Base Article section from "Yes" to "None".
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

* MS13-074 - Important
https://technet.microsoft.com/security/bulletin/ms13-073

- Reason for Revision: V1.1 (September 13, 2013): Revised
bulletin to announce a detection change for the Microsoft
Access 2013 (64-bit editions) update (2810009). This is a
detection change only. There were no changes to the update
files. Customers who have successfully installed the
update do not need to take any action.
- Originally posted: September 10, 2013
- Updated: September 13, 2013
- Bulletin Severity Rating: Important
- Version: 1.1

 

Microsoft security bulletin for October 8 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).
http://technet.microsoft.com/en-us/security/bulletin/ms13-oct

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

Critical (4)
Microsoft Security Bulletin MS13-080
Cumulative Security Update for Internet Explorer (2879017)
http://technet.microsoft.com/en-us/security/bulletin/ms13-080

Microsoft Security Bulletin MS13-081
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
http://technet.microsoft.com/en-us/security/bulletin/ms13-081

Microsoft Security Bulletin MS13-082
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
http://technet.microsoft.com/en-us/security/bulletin/ms13-082

Microsoft Security Bulletin MS13-083
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
http://technet.microsoft.com/en-us/security/bulletin/ms13-083





Important (4)
Microsoft Security Bulletin MS13-084
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
http://technet.microsoft.com/en-us/security/bulletin/ms13-084

Microsoft Security Bulletin MS13-085
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
http://technet.microsoft.com/en-us/security/bulletin/ms13-085

Microsoft Security Bulletin MS13-086
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
http://technet.microsoft.com/en-us/security/bulletin/ms13-086

Microsoft Security Bulletin MS13-087
Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
http://technet.microsoft.com/en-us/security/bulletin/ms13-087


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Bulletin Minor Revisions - Oct 10, 2013

Summary

The following bulletins have undergone minor revision increments.
Please see the bulletins for more details.

* MS13-080
* MS13-082
* MS13-oct

Bulletin Information:

* MS13-080 - Critical

https://technet.microsoft.com/security/bulletin/ms13-080
- Reason for Revision: V1.3 (October 10, 2013): Bulletin
revised to remove CVE-2013-3871 from the vulnerabilities
addressed by this update. Including this CVE in the
original security bulletin text was a documentation error.
CVE-2013-3871 is scheduled to be addressed in a future
security update. This is an informational change only.
Customers who have already successfully updated their
systems do not need to take any action.
- Originally posted: October 8, 2013
- Updated: October 10, 2013
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS13-082 - Critical

https://technet.microsoft.com/security/bulletin/ms13-082
- Reason for Revision: V1.1 (October 10, 2013): Bulletin
revised to indicate that Server Core installations of
Windows Server 2012 are affected by the vulnerability
addressed in the 2861194 update. This is an informational
change only. There were no changes to the detection logic
or the security update files. Customers who have already
successfully updated their systems do not need to take
any action.
- Originally posted: October 8, 2013
- Updated: October 10, 2013
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS13-oct

https://technet.microsoft.com/security/bulletin/ms13-oct
- Reason for Revision: V1.1 (October 10, 2013): For MS13-080,
removed Exploitability Assessment in the Exploitability
Index for CVE-2013-3871. Including this CVE in the original
Exploitability Index was a documentation error. CVE-2013-
3871 is scheduled to be addressed in a future security
update. This is an informational change only. For MS13-082,
revised bulletin to indicate that Server Core installations
of Windows Server 2012 are affected by the vulnerability
addressed in the 2861194 update. There were no changes to
the detection logic or the security update files. Customers
who have already successfully updated their systems do not
need to take any action.
- Originally posted: October 8, 2013
- Updated: October 10, 2013
- Version: 1.1
--

 

Microsoft security bulletin for November 12 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).


Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms13-nov

Critical (3)

Microsoft Security Bulletin MS13-088 - Critical

Cumulative Security Update for Internet Explorer (2888505)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-088



Microsoft Security Bulletin MS13-089 - Critical

Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-089


Microsoft Security Bulletin MS13-090 - Critical

Cumulative Security Update of ActiveX Kill Bits (2900986)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-090



Important (5)


Microsoft Security Bulletin MS13-091 - Important

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-091


Microsoft Security Bulletin MS13-092 - Important

Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-092


Microsoft Security Bulletin MS13-093 - Important

Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-093


Microsoft Security Bulletin MS13-094 - Important

Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

Published: Tuesday, November 12, 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-094


Microsoft Security Bulletin MS13-095 - Important

Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)

Published: Tuesday, November 12, 2013
https://technet.microsoft.com/en-us/security/bulletin/ms13-095


Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft Security Advisory (2914486)

Vulnerability in Microsoft Windows Kernel Could Allow Elevation of Privilege

Published: Wednesday, November 27, 2013


Revisions
V1.0 (November 27, 2013): Advisory published.
https://technet.microsoft.com/en-us/security/advisory/2914486

 

Microsoft security bulletin for December 10 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).


Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

Critical (5)

Microsoft Security Bulletin MS13-096
Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
http://technet.microsoft.com/en-us/security/bulletin/ms13-096

Microsoft Security Bulletin MS13-097
Cumulative Security Update for Internet Explorer (2898785)
http://technet.microsoft.com/en-us/security/bulletin/ms13-097

Microsoft Security Bulletin MS13-098
Vulnerability in Windows Could Allow Remote Code Execution (2893294)
http://technet.microsoft.com/en-us/security/bulletin/ms13-098

Microsoft Security Bulletin MS13-099
Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
http://technet.microsoft.com/en-us/security/bulletin/ms13-099

Microsoft Security Bulletin MS13-105
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705)
http://technet.microsoft.com/en-us/security/bulletin/ms13-105





Important (6)



Microsoft Security Bulletin MS13-100
Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)
http://technet.microsoft.com/en-us/security/bulletin/ms13-100

Microsoft Security Bulletin MS13-101
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
http://technet.microsoft.com/en-us/security/bulletin/ms13-101

Microsoft Security Bulletin MS13-102
Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
http://technet.microsoft.com/en-us/security/bulletin/ms13-102

Microsoft Security Bulletin MS13-103
Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244)
http://technet.microsoft.com/en-us/security/bulletin/ms13-103

Microsoft Security Bulletin MS13-104
Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
http://technet.microsoft.com/en-us/security/bulletin/ms13-104

Microsoft Security Bulletin MS13-106
Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)
http://technet.microsoft.com/en-us/security/bulletin/ms13-106

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Title: Microsoft Security Advisory Notification
Issued: December 13, 2013
********************************************************************

Security Advisories Updated or Released Today ==============================================

* Microsoft Security Advisory (2915720)
- Title: Changes in Windows Authenticode Signature Verification
- https://technet.microsoft.com/security/advisory/2915720
- Revision Note: V1.1 (December 13, 2013): Corrected the registry
key information in the Test the Improvement to Authenticode
Signature Verification suggested action. Customers who have
applied or plan to apply the suggested action should review
the revised information.
http://technet.microsoft.com/en-us/security/advisory/2915720

 

Microsoft security bulletin for January 14 2014
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).


Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

Critical (0)






Important (4)

Microsoft Security Bulletin MS14-001 - Important

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Published: Tuesday, January 14, 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-001



Microsoft Security Bulletin MS14-002 - Important

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)

Published: Tuesday, January 14, 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-002



Microsoft Security Bulletin MS14-003 - Important

Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)

Published: Tuesday, January 14, 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-003



Microsoft Security Bulletin MS14-004 - Important

Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

Published: Tuesday, January 14, 2014
https://technet.microsoft.com/en-us/security/bulletin/ms14-004



Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

 

Microsoft security bulletin for February 11 2014
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).


Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

Critical (4)

Microsoft Security Bulletin MS14-010
Cumulative Security Update for Internet Explorer (2909921)
http://technet.microsoft.com/en-us/security/bulletin/ms14-010

Microsoft Security Bulletin MS14-011
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
http://technet.microsoft.com/en-us/security/bulletin/ms14-011

Microsoft Security Bulletin MS14-007
Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
http://technet.microsoft.com/en-us/security/bulletin/ms14-007

Microsoft Security Bulletin MS14-008
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
http://technet.microsoft.com/en-us/security/bulletin/ms14-008




Important (3)

Microsoft Security Bulletin MS14-009
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
http://technet.microsoft.com/en-us/security/bulletin/ms14-009

Microsoft Security Bulletin MS14-005
Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
http://technet.microsoft.com/en-us/security/bulletin/ms14-005

Microsoft Security Bulletin MS14-006
Vulnerability in IPv6 Could Allow Denial of Service (2904659)
http://technet.microsoft.com/en-us/security/bulletin/ms14-006

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.