Jump to content
nsane.forums
Sign in to follow this  
Matsuda

Microsoft Patch Tuesday November 2013 - Overview

Recommended Posts

Matsuda

windows8patchtuesday_r1_c1_0.jpg

Microsoft is about to release this month's security updates and patches for Windows client and server operating systems.

A total of eight bulletins are released this month. Three of the bulletins have received a critical severity rating, the highest possible rating. The remaining five bulletins received a rating of important, the second highest rating.

The eight bulletins patch a total of 19 different vulnerabilities in Microsoft products.

As far as the affected software is concerned, six of the bulletins address issues in Microsoft Windows, and the remaining two vulnerabilities in Microsoft Office.

You find detailed information about the bulletins below. This includes the operating system and Office distribution, deployment suggestions, links to each bulletin to look up additional information, information about non-security updates that were released since the last Patch Day, and finally instructions on how to download those updates to your PC.

Operating System Distribution

The following list displays the bulletin distribution for each client and server operating system that Microsoft is supporting right now.

On the client side, Windows RT takes the crown once again with the least amount of vulnerabilities, followed by Windows 7 and earlier versions of Windows. Windows 8 and Windows 8.1 are affected more than any other client operating system this time.

On the server side of things, all Windows Server versions are affected in the same way by this month's security bulletins.

  • Windows XP: 3 critical, 2 important
  • Windows Vista: 3 critical, 2 important
  • Windows 7: 3 critical, 2 important
  • Windows 8: 3 critical, 3 important
  • Windows 8.1: 3 critical, 3 important
  • Windows RT: 3 critical, 1 important
  • Windows RT 8.1: 3 critical, 1 important
  • Windows Server 2003: 1 critical, 3 important, 1 moderate
  • Windows Server 2008: 1 critical, 3 important, 1 moderate
  • Windows Server 2008 R2: 1 critical, 3 important, 1 moderate
  • Windows Server 2012: 1 critical, 3 important, 1 moderate

Office Distribution

Office 2003 is only affected by one bulletin rated important, while all newer versions of Office are affected by an additional bulletin.

  • Microsoft Office 2003: 1 important
  • Microsoft Office 2007: 2 important
  • Microsoft Office 2010: 2 important
  • Microsoft Office 2013: 2 important

Deployment Guide

Microsoft releases a deployment guide on each Patch Day that offers suggestions for administrators and individual users about the order of deployment of the released Windows updates.

Priorities are assigned to each bulletin using several factors including a bulletins severity rating, whether it is exploited in the wild, and other factors.

While this may not be an issue at all on individual systems, as patches can be installed in a heartbeat on them, companies who do testing before patches are applied may use the information to test and deploy patches in optimal order using the guide.

bulletin-deployment-priority-660x371.jpg

  • Tier 1 updates: MS13-090 ActiveX Kill Bits, MS13-088 Internet Explorer and MS13-089 Windows GDI
  • Tier 2 updates: MS13-091 Office, MS13-092 Hyper-V and MS13-093 Windows AFD
  • Tier 3 updates: MS13-094 Outlook and MS13-096 XML Digital Signatures

severity-index-660x371.jpg

Security Bulletins

The first three are the critically rated bulletins, the remaining five have all been rated important.

  • MS13-088 Cumulative Security Update for Internet Explorer (2888505)
  • MS13-089 Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
  • MS13-090 Cumulative Security Update of ActiveX Kill Bits (2900986)
  • MS13-091 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
  • MS13-092 Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
  • MS13-093 Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
  • MS13-094 Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
  • MS13-095 Vulnerability in Digital Signatures Could Allow Denial of Service

Other Security related updates / changes

  • MS13-081: Security Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB2862330)

Non-security related updates

  • Update for Windows 7 and Windows Server 2008 R2 (KB2830477)
  • Language Packs for Windows 8.1 and Windows RT 8.1 (KB2839636)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2882780)
  • Update for Windows Small Business Server 2011 Essentials (KB2885313)
  • Update for Windows Home Server 2011 (KB2885314)
  • Update for Windows Storage Server 2008 R2 Essentials (KB2885315)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2887595)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2889784)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890140)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890141)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890142)
  • Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB2893519)
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2897942)
  • Dynamic Update for Windows Server 2012 R2 (KB2902816)
  • Update for Windows RT 8.1 (KB2903601)
  • Update for Windows 8.1 (KB2904594)
  • Update for Windows RT 8.1 (KB2905029)
  • Windows Malicious Software Removal Tool - November 2013 (KB890830)/Windows Malicious Software Removal Tool - November 2013 (KB890830) - Internet Explorer Version
  • Update for Root Certificates for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125)
  • System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [November 2013]
  • Update for Windows 7 and Windows Server 2008 R2 (KB2515325)
  • Update for Windows 7 and Windows Server 2008 R2 (KB2647753)
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2883201)
  • Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2902892)
  • Update for Windows RT (KB2885699)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901549)
  • Dynamic Update for Windows RT 8.1 (KB2901630)
  • Language Packs for Windows RT (KB2607607)
  • Update for Windows 8 (KB2885699)
  • Update for Windows 8, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2890882)
  • Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2882342)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2882351)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2883200)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2884846)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2890139)
  • Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB2890660)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2891213)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2891214)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2892082)
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2895219)
  • Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2895233)
  • Update for Windows 8.1 (KB2895586)
  • Update for Windows 8.1 (KB2895592)
  • Update for Windows 8.1 (KB2895614)
  • Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB2898464)
  • Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)

Additional information

The Microsoft Security Bulletin Summary for this month is available here. All bulletins are described here in an overview, and with links that you can follow for additional information.

You may also want to check out this month's patch day overview on the Microsoft Security Response Center. Here you may find additional information about the patches.




search_button.gifSource

Edited by Matsuda

Share this post


Link to post
Share on other sites
Gamkutopolowk

we couldn't complete the updates - undoing changes :pos:

Edited by Gamkutopolowk

Share this post


Link to post
Share on other sites
eurobyn

be sure to turn off (Always) the antivirus software before updating windows !

otherwise it will have problems.

Share this post


Link to post
Share on other sites
janedoe

IE11 for Windows7 worth upgrading?

Absolutely, even IMO if you don't use IE. Since it's such an integral OS component better to keep it updated always, and anyway it is much improved now (although some sites/webdevs don't seem to have got the message yet unfortunately).

be sure to turn off (Always) the antivirus software before updating windows !

otherwise it will have problems.

I've never once bothered to turn off my AV before running WU and have never faced any issues. If an AV causes problems with WU then such a useless piece of s...oftware should be uninstalled immediately. Anyone with problems should try to narrow down which particular update is failing, what the error code is (refer to event logs and WU log files) and so on.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×