Home > Microsoft Security > Microsoft Security Newsletter - January 2013

Microsoft Security Newsletter - January 2013

Contents

For more information, see the following:Microsoft Knowledge Base Article 2920727Microsoft Knowledge Base Article 2881029Microsoft Knowledge Base Article 2881067Microsoft Knowledge Base Article 3039794Microsoft Knowledge Base Article 3124585 Page generated 2016-02-22 10:14-08:00. Please try again now or at a later time. This update fixes an issue wherein IE 10 doesn’t save credentials for a website after you log off or restart a computer running the named operating systems.KB2786400 - Update for Windows The Software Update Management in System Center Configuration Manager is built on Microsoft Windows Software Update Services (WSUS), a time-tested update infrastructure that is familiar to IT administrators worldwide. http://splashwebservices.com/microsoft-security/microsoft-security-bulletin-for-january-10-2012.php

Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on Review each of the assessments below, in accordance with your specific configuration, to prioritize your deployment of this month's updates. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. This update makes Windows 7 compliant with game ratings issued by various countries and adds new rating systems in Australia, Brazil, South Africa and New Zealand.KB2785094 - Update for Windows 8, read review

Microsoft Patch Tuesday

Security updates are also available at the Microsoft Download Center. You’ll be auto redirected in 1 second. Its end-to-end tools provide consistent policy enforcement, quick troubleshooting of security events, and summarized reports from across the security deployment. For more information about what these ratings mean, and how they are determined, please see Microsoft Exploitability Index.

This important update addresses one vulnerability in SSL/TLS in virtually all supported versions of Windows with the exception of Windows XP SP3 and Server 2003 SP2. Like the update above, this fixes some reliability, compatibility, performance and stability issues in .NET Framework 4.5 for the named operating systems.KB2763674 - Update for Windows Server 2008 and Windows Vista. Further, the impact ranges from moderate to critical, depending on the OS/software affected. Microsoft Security Bulletin July 2016 See the other tables in this section for additional affected software.   Microsoft Enterprise Resource Planning (ERP) Solutions Microsoft Dynamics AX 4.0 Bulletin Identifier MS14-004 Aggregate Severity Rating Important Microsoft Dynamics

This documentation is archived and is not being maintained. Microsoft Patches Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.Overview of affected Windows systems and their severity rating.Windows XP SP 3 - 1 Best practices recommend that systems connected directly to the Internet have a minimal number of ports exposed.MS13-002 - Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) - https://technet.microsoft.com/en-us/library/security/ms16-jan.aspx Microsoft Baseline Security Analyzer (MBSA) lets administrators scan local and remote systems for missing security updates and common security misconfigurations.

You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp. Microsoft Security Bulletin September 2016 You should review each software program or component listed to see whether any security updates pertain to your installation. Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center Local support according to The automated vulnerability assessment in System Center Configuration Manager discovers needs for updates and reports on recommended actions.

Microsoft Patches

Had that happen once before a few months back ... https://www.cnet.com/forums/discussions/microsoft-security-bulletin-summary-for-january-2013-582490/ Gee thanx Microsoft, ever hear of error checking?But the final straw was Friday, after playing a game where I shut down a lot of stuff before I play I did a Microsoft Patch Tuesday LandzDown Team Articles OEM Supported Systems for Windows 10 Upgrade "So how did I get infected in the first place?" Using a Standard/Limited User Account Java, The Never-Ending Saga Understanding Microsoft Microsoft Security Bulletin October 2016 No updated version of the Microsoft Windows Malicious Software Removal Tool is available for out-of-band security bulletin releases.

Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. http://splashwebservices.com/microsoft-security/microsoft-security-essentials-icon.php The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Cisco Identity Services Engine gathers information from users, devices, infrastructure, and network services to enable organizations to enforce contextual-based business policies across the network. Microsoft Patch Tuesday October 2016

Track this discussion and email me when there are updates If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and The .NET Framework version 4 redistributable packages are available in two profiles: .NET Framework 4 and .NET Framework 4 Client Profile. .NET Framework 4 Client Profile is a subset of .NET Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion http://splashwebservices.com/microsoft-security/microsoft-security-essentails-64-bit.php For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Use these tables to learn about the security updates that you may need to install. Patch Tuesday July 2016 Security Advisories and Bulletins Security Bulletin Summaries 2016 2016 MS16-JAN MS16-JAN MS16-JAN MS16-DEC MS16-NOV MS16-OCT MS16-SEP MS16-AUG MS16-JUL MS16-JUN MS16-MAY MS16-APR MS16-MAR MS16-FEB MS16-JAN TOC Collapse the table of content Expand We remain committed to working closely with Adobe to deliver quality protections that are aligned with Adobe's update process.Security Advisory 973811This advisory is being revised to add a Fix it that

The most severe of these vulnerabilities could allow elevation of privilege if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).

Bulletin Information Executive Summaries The following table summarizes the security bulletins for this month in order of severity. See the other tables in this section for additional affected software.   Microsoft Developer Tools and Software Microsoft Silverlight Bulletin Identifier              MS16-006 Aggregate Severity Rating                                                      Critical Microsoft Silverlight 5 Microsoft Silverlight After this date, this webcast is available on-demand. Ms16-063 For more information, see the MSDN article, Installing the .NET Framework.   Microsoft Office Suites and Software Microsoft Office Suites and Components Bulletin Identifier MS13-002 Aggregate Severity Rating Critical Microsoft Office

See the other tables in this section for additional affected software. Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion This critical update addresses one vulnerability present in Windows 7 and Server 2008 R2 that could be exploited to allow an attack to remotely execute code on the computer by sending http://splashwebservices.com/microsoft-security/microsoft-security-bulletin-s-for-march-8.php Preview post Submit post Cancel post You are reporting the following post: Microsoft Security Bulletin Summary for January 2013 This post has been flagged and will be reviewed by our staff.

Obtaining Other Security Updates Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center. Use these tables to learn about the security updates that you may need to install. Obtaining Other Security Updates Updates for other security issues are available from the following locations: Security updates are available from Microsoft Download Center. In the columns below, "Latest Software Release" refers to the subject software, and "Older Software Releases" refers to all older, supported releases of the subject software, as listed in the "Affected

See Microsoft Knowledge Base Article 3114503 for more information. Executive Summaries The following table summarizes the security bulletins for this month in order of severity. The vulnerabilities could allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, gain access to sensitive information, bypass security controls, cause a denial of service condition, or gain elevated Register now for the January Security Bulletin Webcast.

If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. Please refer to our CNET Forums policies for details. Maximum Security Impact: Security Feature Bypass Aggregate Severity Rating: Important Maximum Exploitability Index: Not Applicable Maximum Denial of Service Exploitability Index: Not applicable Affected Products: Windows Vista, Windows Server 2008, Windows Most of the different updates here were included in your list.

See the other tables in this section for additional affected software.   Microsoft Office Services and Web Apps Microsoft SharePoint Server 2010 Bulletin Identifier MS14-001 Aggregate Severity Rating Important Microsoft SharePoint Some security updates require administrative rights following a restart of the system. MS13-007 Replace Denial of Service Vulnerability CVE-2013-0005 3 - Exploit code unlikely 3 - Exploit code unlikelyTemporaryThis is a denial of service vulnerability. Some software updates may not be detected by these tools.

The update requires you to restart the system.MS13-007/KB2769327 - Vulnerability in Open Data Protocol Could Allow Denial of Service (Windows XP SP3, Windows XP Pro x64 SP2, all editions of Windows