Sales
0161 215 3814
0800 953 0642
Support
0800 230 0032
0161 215 3711

July 2013 Microsoft Security Bulletin Release

As mentioned in July’s Advance notification post this month’s security bulletin releases are now confirmed to contain 7 bulletins.  6 bullettins are rated critical and 1 bullettin is rated as important. Microsoft has recommended for all security updates to be installed asap.

The following table shows affected software by bulletin and the likelihood of an Operating System restart being required and hence impacting on services provided:

Bulletin ID Bulletin Title and Executive Summary Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a trusted application uses a particular pattern of code. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution
May require restart Microsoft Windows,
Microsoft .NET Framework,
Microsoft Silverlight
MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Critical
Remote Code Execution
Requires restart Microsoft Windows
MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)

This security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files.

Critical
Remote Code Execution
May require restart Microsoft Windows,
Microsoft Office,
Microsoft Visual Studio,
Microsoft Lync
MS13-055 Cumulative Security Update for Internet Explorer (2846071) 

This security update resolves seventeen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution
Requires restart Microsoft Windows,
Internet Explorer
MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution
May require restart Microsoft Windows
MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Critical
Remote Code Execution
May require restart Microsoft Windows
MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)

This security update resolves a privately reported vulnerability in Windows Defender for Windows 7 and Windows Defender when installed on Windows Server 2008 R2. The vulnerability could allow elevation of privilege due to the pathnames used by Windows Defender. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Important
Elevation of Privilege
Does not require restart Microsoft Security Software

 

So in summary, we are likely to see updates requiring reboots of servers this month. (As usual, as a UKFast customer, you benefit from these updates being applied automatically unless you have opted out of this service.)

Share with:

Enjoy this article?