CERT mailing list archives
TA13-317A: Microsoft Updates for Multiple Vulnerabilities
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Sat, 16 Nov 2013 06:06:43 -0600
NCCIC / US-CERT National Cyber Awareness System: TA13-317A: Microsoft Updates for Multiple Vulnerabilities [ https://www.us-cert.gov/ncas/alerts/TA13-317A ] 11/13/2013 07:12 AM EST Original release date: November 13, 2013 | Last revised: November 16, 2013 Systems Affected * Windows Operating System and Components * Microsoft Office * Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities. The November Security Bulletin includes a patch for the new “watering hole” campaign which utilizes a US-based website that specializes in domestic and international security policy. Impact These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of service. Solution *Apply Updates* Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ], which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services [ http://www.us-cert.gov/redirect?url=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fwsus%2Fdefault.aspx ] (WSUS). Home users are encouraged to enable automatic updates [ http://www.us-cert.gov/redirect?url=http%3A%2F%2Fwindows.microsoft.com%2Fen-us%2Fwindows-vista%2FTurn-automatic-updating-on-or-off ]. References * Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] * Microsoft Windows Server Update Services [ http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx ] * Turn Automatic Updating On or Off [ http://windows.microsoft.com/en-us/windows/turn-automatic-updating-on-off#turn-automatic-updating-on-off=windows-vista ] Revision History * November 13, 2013: Initial Release ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- TA13-317A: Microsoft Updates for Multiple Vulnerabilities US-CERT (Nov 16)