

NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

1 edit

4 recommendations

Microsoft security bulletin for November 12 2013

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»technet.microsoft.com/en-us/secu···ms13-nov

Critical (3)

Microsoft Security Bulletin MS13-088 - Critical

Cumulative Security Update for Internet Explorer (2888505)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-088


Microsoft Security Bulletin MS13-089 - Critical


Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-089

Microsoft Security Bulletin MS13-090 - Critical

Cumulative Security Update of ActiveX Kill Bits (2900986)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-090

Important (5)

Microsoft Security Bulletin MS13-091 - Important

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-091


Microsoft Security Bulletin MS13-092 - Important


Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-092

Microsoft Security Bulletin MS13-093 - Important

Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-093

Microsoft Security Bulletin MS13-094 - Important

Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-094

Microsoft Security Bulletin MS13-095 - Important

Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)

Published: Tuesday, November 12, 2013
»technet.microsoft.com/en-us/secu···ms13-095

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact For home users, no-charge support for security updates (only!) is available by calling 800-MICROSOFT (800-642-7676) in the US or 877-568-2495 in Canada.

As always, download the updates only from the vendor's website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

1 recommendation

Thank you Nick



NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet
reply to NICK ADSL UK

Microsoft Webcast: Information about the November 2013 Security Bulletin Release

Event ID:

1032557383

Starts: Wednesday, November 13, 2013 11:00 AM
Time zone: (GMT-08:00) Pacific Time (US & Canada)
Duration: 1 hour(s)


Language(s):

English.

Product(s):

computer security and information security.

Audience(s):

IT Decision Maker and IT Manager.

Join us for a brief overview of the technical details of this month's Microsoft security bulletins. We intend to address your concerns in this webcast. Therefore, Microsoft security experts devote most of this webcast to answering the questions that you ask.

Presented by:

Dustin Childs, Group Manager, Response Communications, Microsoft Corporation

and

TPD

Register now for the NOVEMBER Security Bulletin webcast.
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security


art22gg
Premium
join:2005-02-16
Courtenay, BC
kudos:6

1 recommendation

reply to NICK ADSL UK

Thanks Nick...



PatchTues

@comcast.net
reply to NICK ADSL UK

Applied 9 patches to Win7 32 bit Home Premium Desktop. A reboot was needed. Everything looks good so far.



Applied 9 patches to Win8.1 64 bit laptop. A reboot was needed. Everything looks good so far.


DrDemento

join:2005-07-25
Brick, NJ
reply to NICK ADSL UK

7 updates for each of 3 XP boxes-took forever to connect to Windows Update though. Any other time(as recent as this morning) usually takes less than a minute to connect but today 1PM EST took 20 minutes for each computer. In the future will just wait until the evening or the next day. Besides in 5 more months support ends and I won't be doing this any more.



lordpuffer
RIP lil
Premium
join:2004-09-19
Rio Rancho, NM
kudos:1

2 recommendations

reply to NICK ADSL UK

Thanks Nick.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to DrDemento

said by DrDemento:

7 updates for each of 3 XP boxes-took forever to connect to Windows Update though. Any other time(as recent as this morning) usually takes less than a minute to connect but today 1PM EST took 20 minutes for each computer. In the future will just wait until the evening or the next day. Besides in 5 more months support ends and I won't be doing this any more.

Actually, watch your task manager for svchost.exe. It hogs like crazy. A lot of people see this problem and it has been around for months.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to NICK ADSL UK

All done - (7) for Windows 7 & one for Office.

MS13-091: Description of the security update for Microsoft Office 2013 (file formats): November 12, 2013
»support.microsoft.com/kb/2760494

MS13-090: Cumulative security update for ActiveX Kill Bits: November 12, 2013
»support.microsoft.com/kb/2900986

»support.microsoft.com/kb/2862152
Microsoft security advisory: Vulnerability in DirectAccess could allow security feature bypass

»support.microsoft.com/kb/2868725
Microsoft security advisory: Update for disabling RC4

»support.microsoft.com/kb/2876331
MS13-089: Vulnerability in Windows Graphics Device Interface could allow remote code execution: November 12, 2013

»support.microsoft.com/kb/2893519
"Remember my credentials" option cannot be hidden when the SspiPromptForCredentials function is called in Windows


Jackorama

join:2008-05-23
Kingston, ON

1 recommendation

reply to antdude

In XP, I ended up turning automatic updates off, to stop CPU running at 100%, and using the windows update page to get my updates. Everything went fast after that.



norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to NICK ADSL UK

Thanks for the post and heads up.

12 here for Win 7 x 64, Office 2007


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to Jackorama

said by Jackorama:

In XP, I ended up turning automatic updates off, to stop CPU running at 100%, and using the windows update page to get my updates. Everything went fast after that.

Interesting. I noticed WU does the same when checking for the new updates for the first time.
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Reviews:
·Time Warner Cable

Only thing I noticed with XP is that it took a long time. I did get everything updated and double-checked the system and then shut down. Now I will update the Win 7 systems (and one XP Pro) at a business location after hours, so that the updates don't interfere with work.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

reply to NICK ADSL UK

Thanks for the update Nick!
I received 15 updates for Windows 7 Ultimate SP1 64-bit.


Jackorama

join:2008-05-23
Kingston, ON
reply to rcdailey

That's what was happening to me, I had WU set to notify me, but don't download. When WU notification came in the CPU stayed at a 100%. I tried the Windows update page »update.microsoft.com/microsoftup···ln=en-us and it was taking a long time to search. I then went into my Control Panel, shut off automatic WU and everything sped up. CPU went down and WU downloaded/installed fast. I'm now leaving WU off and manually downloading from the link above when it's time for the WU. This actually started a couple of updates back and I don't think Microsoft is going to fix this problem since support for XP ends in April 2014. So, for now it just seems easier to keep automatic WU off. I always know when the updates are in from visiting this site all the time.

Edit: This only happens with XP, my Win 7 laptop has no problems with WU.

--
"Whenever they invent something that's moron proof, someone comes by and invents a better moron."

"Ever stop to think, and forget to start again?"

"Those of you who think you know everything are annoying those of us who do."



dragontime

@cox.net
reply to rcdailey

This method seems to prevent the svchost 100% CPU issue on XP for me:

Turn off automatic updates, and always install whatever the latest IE cumulative update is manually (this month, we have MS13-088, last month was MS13-080). Then after installing the IE cumulative update and rebooting, you can connect to the Windows update site to install all other updates as normal.


rdhw

join:2002-09-21
Cambridge UK
reply to Jackorama

said by Jackorama:

When WU notification came in the CPU stayed at a 100%....
Edit: This only happens with XP

Yes, this is a known issue, and the permanent fix is as follows:

Download manually and install manually the latest Cumulative Security Update for Internet Explorer, for whichever version of IE you have on this PC. Do this even if you do not use IE as your browser. Once you have installed the latest update for IE, and restarted Windows, then your Automatic Updates will work normally again.
--
Robin Walker


Jackorama

join:2008-05-23
Kingston, ON

Will do, thanks.


Libra
Premium
join:2003-08-06
USA
kudos:1

1 recommendation

reply to NICK ADSL UK

I just installed 12 updates (Office 2010 and Vista) and 15 updates (Office 2010 and Windows 7 -64bit). All went well.

Sincerely, Libra



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to rdhw

said by rdhw:

said by Jackorama:

When WU notification came in the CPU stayed at a 100%....
Edit: This only happens with XP

Yes, this is a known issue, and the permanent fix is as follows:

Download manually and install manually the latest Cumulative Security Update for Internet Explorer, for whichever version of IE you have on this PC. Do this even if you do not use IE as your browser. Once you have installed the latest update for IE, and restarted Windows, then your Automatic Updates will work normally again.

URL please?
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


DownTheShore
Mr. Putin, meet SEAL Team 6
Premium
join:2003-12-02
Beautiful NJ
kudos:13
Reviews:
·Verizon Online DSL

1 recommendation

reply to NICK ADSL UK

On Win 8.1 64-bit:




Took me about 12 minutes from start to finish. So far, nothing has gone ka-boom.


rcdailey
Dragoonfly
Premium
join:2005-03-29
Rialto, CA
Reviews:
·Time Warner Cable
reply to rdhw

Thanks for the tip. I may choose to disable auto updates since I check manually anyway. I don't know why I did not do this earlier on after I got this replacement box.
--
It is easier for a camel to put on a bikini than an old man to thread a needle.



mouse
Premium
join:2007-03-29
australia
reply to NICK ADSL UK

Just did the update and all went fine except for

Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2888505)

Installation date: 14/11/2013 6:57 PM

Installation status: Failed

Error details: Code 80242016

Update type: Important

It now does not come again when doing the internal update check. When opening my IE I note that I am running IE 11 - so do I actually need this update for 10?



chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to NICK ADSL UK

Microsoft Security Bulletin Data
Date Published: 11/12/2013

This download offers the following items:
1. Excel file that contains affected software, bulletin replacement, reboot requirements, and CVE information from the Microsoft security bulletins (since June 1998)
2. Zip file that contains security bulletins in the Common Vulnerability Reporting Framework (CVRF) format (since June 2012)

»www.microsoft.com/en-us/download···id=36982
--
Gladiator Security Forum


redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable
reply to NICK ADSL UK

i noticed a problem with the "Cumulative Security Update of ActiveX Kill Bits" update:

»technet.microsoft.com/en-us/secu···ms13-090

in the "workaround" section, it says to apply activex-killbits with a value of "04000400".. the correct value for activex-killbits is "400", not "4000400"..

i checked and the MS-update installs activex-killbit-regkeys with the value "4000400", not "400"..

i think this needs to be corrected, if anyone knows how to inform MS that they goofed.. i have no idea how to contact MS about problems.. it used to be that you could contact MS by email regarding issues with the updates, but it seems that it no longer is possible to do that..



Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
St. Andrews
Reviews:
·Pickwick Cablevi..
·DIRECTV

1 edit

said by redwolfe_98:

in the "workaround" section, it says to apply activex-killbits with a value of "04000400".. the correct value for activex-killbits is "400", not "4000400"..

It's true that activex com object killbits is "400", however, this latest Security update contains clsids for "binary behavior" com objects and their killbit hex code is "04000400"

redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

said by Bubba:

It's true that activex com object killbits is "400", however, this latest Security update contains clsids for "binary behavior" com objects and their killbit hex code is "04000400"

thanks bubba
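
The two values discussed above matter when auditing kill bits: a check that compares "Compatibility Flags" for equality with 0x400 reports the 04000400 entries as unblocked, while a bit-mask test does not. The sketch below is an added example, not code from this thread or from Microsoft; it parses a constructed .reg-style export of the IE "ActiveX Compatibility" key, the CLSIDs are placeholders, and the meaning of 04000400 is taken from Bubba's post.

```python
import re

KILL_BIT = 0x00000400         # ActiveX kill bit in "Compatibility Flags"
BINARY_BEHAVIOR = 0x04000400  # value the thread reports for binary-behavior CLSIDs

# Constructed sample export; the CLSIDs are placeholders, not MS13-090 values.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:04000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000004}]
'''

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\'
    r'Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$')
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_compat_flags(reg_text):
    """Map each CLSID under ActiveX Compatibility to its flags (None if absent)."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).upper()
            flags.setdefault(current, None)
        elif line.startswith('['):
            current = None  # a key outside ActiveX Compatibility: skip its values
        elif current and (val := VALUE_RE.match(line)):
            flags[current] = int(val.group(1), 16)
    return flags

def classify(value):
    """Mask test: any value with the 0x400 bit set counts as blocked."""
    if value is None or not value & KILL_BIT:
        return 'not blocked'
    if value == BINARY_BEHAVIOR:
        return 'blocked (binary-behavior value)'
    if value == KILL_BIT:
        return 'blocked (plain kill bit)'
    return 'blocked (kill bit plus other flags)'

def audit(reg_text):
    return {c: classify(v) for c, v in parse_compat_flags(reg_text).items()}

def naive_audit(reg_text):
    """The mistaken check: only an exact 0x400 is treated as a kill bit."""
    return {c: v == KILL_BIT for c, v in parse_compat_flags(reg_text).items()}

if __name__ == '__main__':
    for clsid, verdict in audit(SAMPLE_REG).items():
        print(clsid, verdict)
```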


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet
reply to NICK ADSL UK

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

We’ve discussed the Microsoft Baseline Security Analyzer (MBSA) tool in this and many other webcasts, and I’m happy to report version 2.3 is now available. This new version adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. However, Windows 2000 systems will no longer be supported by MBSA. If you aren’t familiar with the tool or would just like to know more about it, we encourage you to read the FAQ found on the Security TechCenter. Thanks also go out to everyone who participated in the public preview leading up to this release.
»blogs.technet.com/b/msrc/archive···eck.aspx

»Microsoft Baseline Security Analyzer 2.3 (for IT Professionals)
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security



NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
Reviews:
·Zen Internet

Get security updates automatically

Ready to download the latest updates? Skip the details and go to Microsoft Update.

Turn on automatic updating in the control panel

You might already have automatic updating turned on. To find out, go to the Microsoft Update website. Windows Update in Control Panel will open and if automatic updating is not turned on you'll be guided through the steps to set it up. After that, all the latest security and performance improvements will be installed on your PC quickly and reliably.


Pay attention to Windows Update warnings


When you turn on automatic updating, most updates will download and install on their own. Sometimes Windows Update will need your input during an installation. In this case, you'll see an alert in the notification area at the far right of the taskbar—be sure to click it.

Make sure automatic updating is turned on in Windows 8

In Windows 8, Windows will turn on automatic updating during setup unless you choose to turn it off. To check this setting and turn on automatic updating, open the Search charm, enter Turn automatic updating on or off, and tap or click Settings to find it.


Other steps you can take to help protect your computer


Make sure you have a firewall turned on and up-to-date antivirus and antispyware programs.
Scan and clean your computer to remove malicious software.

End of support for Windows XP

Support is ending for some versions of Windows, and security updates will no longer be available for those versions. Find out what you need to do.

Technical information about security updates

If you are an IT professional or a system administrator, or if you'd like additional information about security updates, go to Security TechCenter or read the Microsoft Security Response Centre Blog.

»www.microsoft.com/en-gb/security···tes.aspx
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security


CJNY3

join:2005-08-02
USA

3 recommendations

reply to Jackorama

FWIW..

"Microsoft to fix Windows XP update SVCHOST redline issue 'soon'"

'Microsoft has identified why using Windows Update to install patches on Windows XP may lock up users' machines for hours on end... '

»www.infoworld.com/t/microsoft-wi···n-230940