Reviews:
 ·Zen Internet
1 edit | Microsoft out-of-band security bulletin for January 2013 Microsoft out-of-band security bulletin for January 2013
Note: There may be latency issues due to replication, if the page does not display keep refreshing
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
»technet.microsoft.com/en-us/secu···ms13-jan
Critical (1)
Security Update for Internet Explorer (2799329)
This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
»technet.microsoft.com/en-us/secu···/2794220
Important (0)
Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.
As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.
Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | »Microsoft Security Bulletin Advance Notification for 14th!
--
Don't feed trolls--it only makes them grow! |
|
|
|
 dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | reply to NICK ADSL UK
Thank you Nick  |
|
Reviews:
·Zen Internet
| reply to NICK ADSL UK
TechNet Webcast: Information About the January Out of Band Security Bulletin Release
Event ID: 1032541648
Starts: Monday, January 14, 2013 1:00 PM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)
Language(s): English.
Product(s): computer security and information security.
Audience(s): IT Decision Maker, IT Implem_IT Generalist and IT Manager.
Information about the January 2013 Out-of-Band Security Bulletin Webcast
Presented by:
Dustin Childs, Group Manager, Response Communications, Microsoft Corporation
and
Jonathan Ness, Security Development Manager, Microsoft Corporation
Register now for the January Out of Band Security Bulletin Release Monday, January 14, 2013 1:00 PM webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security
|
|
Jrb2Premium
join:2001-08-31
kudos:3 | reply to NICK ADSL UK
Thanks Nick !
Got it.
»technet.microsoft.com/en-us/secu···ms13-008 |
|
art22ggPremium
join:2005-02-16
Courtenay, BC
kudos:5 | reply to NICK ADSL UK
Thanks Nick... |
|
| reply to NICK ADSL UK
Thanks Nick.
Internet Explorer 9 and 10 are not vulnerable to this exploit.
"If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update": »blogs.technet.com/b/msrc/archive···ted=true
"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true
It won't hurt to leave it be, if so inclined. |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 | However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system. |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | Curious as to how one does this? I looked under add/remove programs (and updates) and didn't see the FixIt. The FixIt itself seems to have been removed from Microsoft's site.
--
Don't feed trolls--it only makes them grow! |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 | This is curious. Will have to ask around to see if others are seeing the same as you.
Perhaps the FixIt does not appear when enabled under Add | Remove Programs. More as I know more.
|
|
 Smokey Bearveritas odium paritPremium
join:2008-03-15
Annie's Pub
kudos:4 | reply to chachazz
said by chachazz:
"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true
It won't hurt to leave it be, if so inclined.
Thanks chachazz  , it will indeed not hurt to leave the Fix-it, because MS explained in FAQ Microsoft Security Bulletin MS13-008 - Critical - Security Update for Internet Explorer (2799329): quote:
If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?
Customers who implemented the Microsoft Fix it solution, "MSHTML Shim Workaround," in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution.
» technet.microsoft.com/en-us/secu···ms13-008--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron. |
|
1 edit | reply to StuartMW
said by StuartMW:The FixIt itself seems to have been removed from Microsoft's site if you look at the MS webpage for the IE-update, then go to "security update deployment", then "file information", the webpage that that takes you to has the "fixit's", along with the "file information" for the update..
microsoft always has one file for installing a "fixit" and one file for uninstalling the "fixit".. i don't think you would see an uninstall for a "fixit" in windows "add/remove"..
incidentally, i thought it was odd that the "file information" for the IE-update was tacked onto the webpages for the "fixit's"..
here is a link for the webpage for the IE-update:
»technet.microsoft.com/en-us/secu···ms13-008
here is the webpage with the "fixit's" and the file-information for the IE-update:
»support.microsoft.com/kb/2799329 |
|
StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | Thanks. Got the "Disable" FixIt (MicrosoftFixit50972.msi).
--
Don't feed trolls--it only makes them grow! |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| said by StuartMW:Thanks. Got the "Disable" FixIt (MicrosoftFixit50972.msi).
You're welcome |
|
 CorrinePremium
join:2004-08-27
kudos:2 | reply to Smokey Bear
The rest of the FAQ in »technet.microsoft.com/en-us/secu···ms13-008 includes:
However, since the workaround is no longer needed, customers may wish to undo the workaround after installing this update. See the vulnerability workarounds in this bulletin for more information on how to undo this workaround. --
Microsoft MVP; Admin Council & Charter Member ASAP;
Visit the Security Garden, Where Everything is Coming up Roses" |
|
| reply to Smokey Bear
said by Smokey Bear: said by chachazz:
"However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system"..»blogs.technet.com/b/msrc/archive···ted=true
It won't hurt to leave it be, if so inclined.
Thanks chachazz , it will indeed not hurt to leave the Fix-it, because MS explained in FAQ Microsoft Security Bulletin MS13-008 - Critical - Security Update for Internet Explorer (2799329): quote:
If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?
Customers who implemented the Microsoft Fix it solution, "MSHTML Shim Workaround," in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution.
» technet.microsoft.com/en-us/secu···ms13-008 Great, thanks for clarifying, Smokey Bear .
That's what users really need to know. |
|
 therube
join:2004-11-11
Randallstown, MD | reply to NICK ADSL UK
Updated 3 computers, through automatic updates, seemingly without incident.
(IE itself is only used on 1 of the 3.) |
|
Smokey Bearveritas odium paritPremium
join:2008-03-15
Annie's Pub
kudos:4 | reply to chachazz
said by chachazz :
Great, thanks for clarifying, Smokey Bear .
That's what users really need to know.
I have to thank YOU for posting the correct info concerning the fix-it, I (better say MS) only confirmed
--
»bit.ly/gUqYaH - C. Brian Smith: Think of the exclamation point as a car horn: a little goes a long way. Lay on it too hard and everyone’s going to think you’re a moron. |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to StuartMW
Per the Webcast Information About the January Out of Band Security Bulletin Release
quote:
Remove MS FixIt 50971 post patching. It will slow down the launching of IE/browsing.
Noteworthy comments here: »Re: Microsoft Security Bulletin Advance Notification for 14th! |
|
LibraPremium
join:2003-08-06
USA
kudos:1 | Thank you for alerting us to the out-of-bands security update.
I was finding the directions regarding the removal of the fixit prior to the security update curious. I recall the fixit advisory said to remove the fixit prior to patching since it will slow down IE. That's what I did. Whenever I apply a fixit I always download the removal fixit to have in safe keeping.
Two computers required no reboot, one did.
Sincerely, Libra |
|
