Advance notice of Microsoft patches for November – to be released on November 12
Microsoft has just released the advance notice of the November patches scheduled to be released on November 12. The notification is available at http://technet.microsoft.com/security/bulletin/ms13-nov
Eight patches are being released by Microsoft for November. Three patches are designated as CRITICAL and five are designated as IMPORTANT. The breakdown of what applications and operating systems are affected are as follows:
Bulletin #1 – CRITICAL – Remote Code Execution
Bulletin #1 for November affects all current versions of Internet Explorer on workstation operating systems and is assigned a CRITICAL designation. For server operating systems, an IMPORTANT classification is assigned for Internet Explorer versions 6-10 on Windows Server 2003-2012 and a MODERATE classification is assigned for Internet Explorer version 11 on Windows Server 2012R2.
Bulletin #2 – CRITICAL – Remote Code Execution
Bulletin #2 for November affects all current workstation AND server operating systems and is assigned a CRITICAL designation in all environments. That includes even server core only installations of Server 2008, Server 2008R2, Server 2012 and Server 2012R2.
Bulletin #3 – CRITICAL – Remote Code Execution
Bulletin #3 for November affects all current workstation operating systems and is assigned a designation of CRITICAL. For server operating systems the bulletin is assigned a MODERATE classification. The bulletin is not applicable for Server Core installations of server operating systems.
Bulletin #4 – IMPORTANT – Remote Code Execution
Bulletin #4 for November affects all current versions of MS-Office and is assigned a IMPORTANT designation for Office 2003, Office 2007, both 32 and 64 bit versions of Office 2010sp1 and also Office 2013 including runtime (or RT).
Note: No designation is assigned to Office 2010 service pack 2.
Bulletin #5 – IMPORTANT – Elevation of Privilege
Bulletin #5 for November only affects 64 bit versions of Windows 8 and is assigned an IMPORTANT designation. Windows Server 2012 full and Server 2012 server core installs are also affected and assigned an IMPORTANT designation for bulletin #5
Bulletin #6 – IMPORTANT – Information Disclosure
Bulletin #6 for November is assigned an IMPORTANT designation and applies to the following products: Windows XP 64 bit, Windows Vista 64 bit, Windows 7 64 bit, Server 2003 64 bit, Server 2003 for Itanium, Server 2008 64 bit and Server 2008 for Itanium, Server 2008R2 and 2008R2 for Itanium, and Server 2012. The important designation is also applicable for server core installations of Server 2008, 2008R2 and 2012.
Bulletin #7 – IMPORTANT – Information Disclosure
Bulletin #7 for November is assigned an IMPORTANT designation and affects the following versions of MS-Outlook: Outlook 2007sp3, Outlook 2010sp1 and sp2 (both 32 and 64 bit versions), and also all versions of Outlook 2013 included the Runtime (or RT).
Bulletin #8 – IMPORTANT – Denial of Service
Bulletin #8 for November is assigned an IMPORTANT designation and affects the following workstation operating systems: Windows XP (32 and 64 bit versions), Windows Vista (32 and 64 bit versions), Windows 7 (32 and 64 bit versions), Windows 8 and Windows 8.1 (32 and 64 bit versions) and also the Windows Runtime (RT) version.
The bulletin also applies to the following server operating systems: Server 2003 (32 and 64 bit versions), Server 2008 (32. 64 bit and Itanium versions), Server 2008R2 (64 and Itanium versions), Server 2012 and 2012R2. Bulletin #8 also applies to server core only installations of the following Windows Server operating systems: Server 2008, Server 2008R2, Server 2012 and Server 2012R2 and also is assigned an IMPORTANT designation.
Update November 13 8:45 a.m.
Microsoft released additional details about the patches for November. As previously indicated, eight bulletins were released by Microsoft on November 12. Three of the bulletins are classified as CRITICAL, the remaining five are classified as IMPORTANT.
The CRITICAL bulletins address a total of 10 privately reported vulnerabilities in Internet Explorer, a single privately reported vulnerability in the Graphics Device Interface (GDI) for Windows, and a single privately reported (that is currently being exploited) in the InformationCardSigninHelper Class ActiveX control.
As malicious code is expected to be deployed within the next 30 days for the Internet Explorer vulnerabilities and also for the GDI and ActiveX vulnerabilities, it is recommended that workstations be patched as soon as possible.
Adobe also issued an update for Flash on November 12. The current version for Windows, and Mac OS-X is 11.9.900.152
Tags: microsoft november