Advance notice of October Microsoft patches – to be released on Oct 8

Microsoft has just released their advance notice of the October Operating system and application patches to be released on Oct 8.  The details are available at –

http://technet.microsoft.com/en-gb/security/bulletin/ms13-oct

There are a total of eight patches scheduled to be released. Four of those patches are identified as CRITICAL and apply to the following products:

Bulletin  #1

  •    All current versions of Internet Explorer (versions 6-11) installed on workstations

Bulletin #2

  •   All Windows workstation OS versions excluding Windows RT* – Windows XP, Windows Vista, Windows 7, Windows 8
  •   All Windows Server OS versions – Windows server 2003, Server 2008, Server 2008R2, and Server 2012
  •   All server core installs of Server 2008, 2008R2 and 2012

 Bulletin #3

  •   All Windows workstation OS versions – Windows XP, Windows Vista, Windows 7, Windows 8 and Windows RT
  •   All Windows Server OS versions (with the exception of Itanium systems**) – Windows Server 2003, Server 2008, Server 2008R2, Server 2012

Bulletin #4

  •   All 64 bit versions of Windows workstation OS (except WinRT) – Windows XP-64, Windows Vista-64bit, Windows 7-64 bit, Windows 8 – 64bit.
  •   All 64 bit versions of Windows Server OS  – Windows server 2003, Server 2008, Server 2008R2, and Server 2012

 

*Note – Bulletin #2 is designated as IMPORTANT on Windows RT

**Note – Bulletin #3 is designated as IMPORTANT for the following Server operating systems in the Itanium platform – Server 2003, Server 2008, and Server 2008R2

Bulletins 5-8 are designated as IMPORTANT and apply to the following Microsoft products:

Bulletin#5 –

  •    Windows SharePoint services 3.0
  •    Windows SharePoint Foundation 2010
  •    Windows SharePoint Server 2013

 

Bulletin #6

  •    Microsoft Office 2007 – Excel 2007Sp3
  •    Microsoft Office 2010 – Excel 2010sp1 and sp2 (32 and 64 bit versions)
  •    Microsoft Office 2013 – Excel 2013 (32 and 64 bit versions)
  •    Microsoft Office 2013 – Excel 2013 RT
  •    Microsoft Office for Mac 2011
  •    Microsoft Office Compatibility pack SP3
  •    Office Excel viewer

Bulletin #7

  •  Microsoft Office 2003sp3 – Word 2003sp3
  •  Microsoft Office 2007sp3 – Word 2007sp3
  •  Microsoft Office Compatibility pack SP2

Bulletin #8

  •  Microsoft Silverlight 5

 

Additionally, Adobe is scheduled to release a security update for Adobe Reader and Acrobat on Tuesday, October 8. See the following URL for additional details.

http://www.adobe.com/support/security/bulletins/apsb13-25.html

Prenotification Security Advisory for Adobe Reader and Acrobat

 

Update 3:00 pm. Oct 8

Microsoft has just released the October patches.  Additional details are available at –  http://technet.microsoft.com/en-gb/security/bulletin/ms13-oct

 

The most significant issue is the Internet Explorer vulnerabilities being addressed in MS13-080 – http://technet.microsoft.com/en-us/security/bulletin/ms13-080  .  The MS13-080 patch addresses one vulnerability that had previously been publically disclosed and nine vulnerabilities that had only been disclosed privately prior to 10/8.  The publically disclosed vulnerability was originally identified in an out of band advisory issued by Microsoft on Sept 17.

 

As exploit code has been previously identified for the Internet Explorer vulnerabilities, the AgriLife ISO recommendation is to patch workstations immediately and servers as soon as possible.

Patches MS13-081/MS13-083 are also identified as CRITICAL but have a much smaller scope than Internet Explorer vulnerabilities.

  •  Patch MS13-81 is associated with seven privately reported vulnerabilities in Kernel mode drivers that could allow remote code execution if exploited. Microsoft has indicated that reliable exploit code has yet to be made available, but it is expected to be released within the next 30 days.
  • Patch MS13-82 is associated with two privately and one publically reported vulnerabilities in .NET framework that could allow remote code execution if exploited.  Microsoft has indicated that reliable exploit code is not expected to materialize in the next 30 days.
  • Patch MS13-83 is associated with a single privately reported vulnerability in 64 bit versions (32 bit versions are not affected) of Windows Common Control Library  that could allow remote code execution if exploited. Microsoft indicated that reliable exploit code has not been made available but it is expected to materialize within the next 30 days.

NOTE: This patch should be applied to servers as soon as possible

 

IMPORTANT patches

Patch MS13-84 is associated with a two privately reported vulnerabilities in 2007-2013 SharePoint servers that could allow remote code execution if exploited. As of Oct 8, exploit code has yet to be identified and Microsoft has indicated that reliable exploit code is expected to be difficult to develop.

NOTE: This patch should be applied to servers as soon as possible

  • Patch MS13-85 is associated with two privately reported vulnerabilities in all current versions of Excel. The vulnerability could allow remote code execution if exploited but as of this time, Microsoft has indicated reliable exploit code would be difficult to develop.

 

  • Patch MS13-86 is associated with two privately reported vulnerabilities in Word 2003 and Word 2007. The vulnerability could allow remote code execution if exploited. As of this time, no exploit code has been identified, but it is expected to materialize within the next 30 days.

 

As a reminder, Adobe issued an update to Flash on Oct 8. The current version of flash for Windows and Macintosh web browsers is 11.9.900.117. The current version for Linux web browsers is 11.9.900.117 for Chrome and 11.2.202.310 for Firefox/Thunderbird and SeaMonkey.

Tags:

Categories: Uncategorized