dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2360
share rss forum feed


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

1 edit

4 recommendations

Microsoft out-of-band security bulletin for January 2013

Microsoft out-of-band security bulletin for January 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
»technet.microsoft.com/en-us/secu···ms13-jan

Critical (1)

Security Update for Internet Explorer (2799329)

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
»technet.microsoft.com/en-us/secu···/2794220

Important (0)

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

»Microsoft Security Bulletin Advance Notification for 14th!
--
Don't feed trolls--it only makes them grow!


dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

1 recommendation

reply to NICK ADSL UK
Thank you Nick


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet
reply to NICK ADSL UK
TechNet Webcast: Information About the January Out of Band Security Bulletin Release

Event ID: 1032541648


Starts: Monday, January 14, 2013 1:00 PM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)

Language(s): English.


Product(s): computer security and information security.

Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.

Information about the January 2013 Out-of-Band Security Bulletin Webcast

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

Jonathan Ness, Security Development Manager, Microsoft Corporation

Register now for the January Out of Band Security Bulletin Release Monday, January 14, 2013 1:00 PM webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security


Jrb2
Premium
join:2001-08-31
kudos:3

1 recommendation

reply to NICK ADSL UK

art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6

1 recommendation

reply to NICK ADSL UK
Thanks Nick...


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

2 recommendations

reply to NICK ADSL UK
Thanks Nick.

Internet Explorer 9 and 10 are not vulnerable to this exploit.

"If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update": »blogs.technet.com/b/msrc/archive···ted=true

"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true

It won't hurt to leave it be, if so inclined.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Curious as to how one does this? I looked under add/remove programs (and updates) and didn't see the FixIt. The FixIt itself seems to have been removed from Microsoft's site.
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
This is curious. Will have to ask around to see if others are seeing the same as you.
Perhaps the FixIt does not appear when enabled under Add | Remove Programs. More as I know more.



Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4

1 recommendation

reply to chachazz
said by chachazz:
"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true

It won't hurt to leave it be, if so inclined.

Thanks chachazz See Profile, it will indeed not hurt to leave the Fix-it, because MS explained in FAQ Microsoft Security Bulletin MS13-008 - Critical - Security Update for Internet Explorer (2799329):

quote:
If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?

Customers who implemented the Microsoft Fix it solution, "MSHTML Shim Workaround," in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution.
»technet.microsoft.com/en-us/secu···ms13-008
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 edit

1 recommendation

reply to StuartMW
said by StuartMW:

The FixIt itself seems to have been removed from Microsoft's site

if you look at the MS webpage for the IE-update, then go to "security update deployment", then "file information", the webpage that that takes you to has the "fixit's", along with the "file information" for the update..

microsoft always has one file for installing a "fixit" and one file for uninstalling the "fixit".. i don't think you would see an uninstall for a "fixit" in windows "add/remove"..

incidentally, i thought it was odd that the "file information" for the IE-update was tacked onto the webpages for the "fixit's"..

here is a link for the webpage for the IE-update:

»technet.microsoft.com/en-us/secu···ms13-008

here is the webpage with the "fixit's" and the file-information for the IE-update:

»support.microsoft.com/kb/2799329


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
Thanks. Got the "Disable" FixIt (MicrosoftFixit50972.msi).
--
Don't feed trolls--it only makes them grow!


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
said by StuartMW:

Thanks. Got the "Disable" FixIt (MicrosoftFixit50972.msi).

You're welcome


Corrine
Premium
join:2004-08-27
kudos:2
reply to Smokey Bear
The rest of the FAQ in »technet.microsoft.com/en-us/secu···ms13-008 includes:

However, since the workaround is no longer needed, customers may wish to undo the workaround after installing this update. See the vulnerability workarounds in this bulletin for more information on how to undo this workaround.
--
Microsoft MVP; Admin Council & Charter Member ASAP;
Visit the Security Garden, Where Everything is Coming up Roses"


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to Smokey Bear
said by Smokey Bear:

said by chachazz:
"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true

It won't hurt to leave it be, if so inclined.

Thanks chachazz See Profile, it will indeed not hurt to leave the Fix-it, because MS explained in FAQ Microsoft Security Bulletin MS13-008 - Critical - Security Update for Internet Explorer (2799329):

quote:
If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?

Customers who implemented the Microsoft Fix it solution, "MSHTML Shim Workaround," in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution.
»technet.microsoft.com/en-us/secu···ms13-008

Great, thanks for clarifying, Smokey Bear See Profile.

That's what users really need to know.


therube

join:2004-11-11
Randallstown, MD
reply to NICK ADSL UK
Updated 3 computers, through automatic updates, seemingly without incident.

(IE itself is only used on 1 of the 3.)


Smokey Bear
veritas odium parit
Premium
join:2008-03-15
Annie's Pub
kudos:4
reply to chachazz
said by chachazz :

Great, thanks for clarifying, Smokey Bear See Profile.

That's what users really need to know.

I have to thank YOU for posting the correct info concerning the fix-it, I (better say MS) only confirmed
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico

1 recommendation

reply to StuartMW
Per the Webcast Information About the January Out of Band Security Bulletin Release
quote:
Remove MS FixIt 50971 post patching. It will slow down the launching of IE/browsing.
Noteworthy comments here: »Re: Microsoft Security Bulletin Advance Notification for 14th!

Libra
Premium
join:2003-08-06
USA
kudos:1
Reviews:
·Verizon FiOS

1 recommendation

Thank you for alerting us to the out-of-bands security update.

I was finding the directions regarding the removal of the fixit prior to the security update curious. I recall the fixit advisory said to remove the fixit prior to patching since it will slow down IE. That's what I did. Whenever I apply a fixit I always download the removal fixit to have in safe keeping.

Two computers required no reboot, one did.

Sincerely, Libra


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
You're most welcome, Libra See Profile Happy to have been able to contribute in a positive way to this thread.


therube

join:2004-11-11
Randallstown, MD
Reviews:
·Comcast
·Verizon Online DSL
reply to NICK ADSL UK
Just want to point out, which I hadn't realized before, but Windows 7 (at least the from factory version on an Acer that I was looking at) came with IE8.

So it is more then "old" browsers or "old" OS's, but Windows 7 (& I would then think Vista) too that had affected browsers (IE6-IE8).

(After the fact, IE9 is offered as an update.)