CERT mailing list archives

TA13-317A: Microsoft Updates for Multiple Vulnerabilities

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Sat, 16 Nov 2013 06:06:43 -0600
NCCIC / US-CERT

National Cyber Awareness System:

TA13-317A: Microsoft Updates for Multiple Vulnerabilities [ https://www.us-cert.gov/ncas/alerts/TA13-317A ] 11/13/2013 
07:12 AM EST 
Original release date: November 13, 2013 | Last revised: November 16, 2013

Systems Affected

  * Windows Operating System and Components 
  * Microsoft Office 
  * Internet Explorer 

Overview

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these 
vulnerabilities.

Description

The Microsoft Security Bulletin Summary for November 2013 [ 
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] describes multiple vulnerabilities in Microsoft 
software. Microsoft has released updates to address these vulnerabilities. The November Security Bulletin includes a 
patch for the new “watering hole” campaign which utilizes a US-based website that specializes in domestic and 
international security policy.

Impact

These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of 
service.

Solution

*Apply Updates*

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2013 [ 
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ], which describes any known issues related to the 
updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, 
administrators should consider using an automated update distribution system such as Windows Server Update Services [ 
http://www.us-cert.gov/redirect?url=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fwsus%2Fdefault.aspx ] (WSUS). Home 
users are encouraged to enable automatic updates [ 
http://www.us-cert.gov/redirect?url=http%3A%2F%2Fwindows.microsoft.com%2Fen-us%2Fwindows-vista%2FTurn-automatic-updating-on-or-off
 ].

References

  * Microsoft Security Bulletin Summary for November 2013 [ 
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] 
  * Microsoft Windows Server Update Services [ http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx ] 
  * Turn Automatic Updating On or Off [ 
http://windows.microsoft.com/en-us/windows/turn-automatic-updating-on-off#turn-automatic-updating-on-off=windows-vista 
] 

Revision History

  * November 13, 2013: Initial Release 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:

TA13-317A: Microsoft Updates for Multiple Vulnerabilities US-CERT (Nov 16)