Microsoft Security Bulletin Advanced Notification for November 2013

November 7th, 2013 by Kevin Zoll

Microsoft released Security Bulletin Advanced Notification for November 2013. This month’s release includes 8 bulletins, 3 rated as Critical and 5 rated as important, addressing vulnerabilities in Microsoft Windows, Windows Server, Windows RT, Internet Explorer and Microsoft Office. All 8 security bulletins are scheduled for release on Tuesday, November 12th, 2013 at approximately 10 a.m. PDT.

This months updates will not address the issue described in Security Advisory 2896666.

Microsoft has provided additional guidance about affected systems:

Microsoft Office:

  • Office 2003 and Office 2007 are affected regardless of the installed operating system.
  • Currently, we are only aware of targeted attacks against Office 2007 users.
  • Office 2010 is affected only if installed on Windows XP or Windows Server 2003. Office 2010 is not affected when installed on Windows Vista or newer systems.
  • Office 2013 is not affected, regardless of OS platform.

Microsoft Windows:

  • Supported versions of Windows Vista and Windows Server 2008 ship with the affected component but are not known to be under active attack.
  • Other versions of Windows are not directly impacted. Customers who use these systems are only impacted if they have an affected version of Office or Lync.

Lync clients:

  • All supported versions of Lync client are affected but are not known to be under active attack.

Users of Windows Vista, Windows Server 2008, Microsoft Lync, or users of the Office installations as described above, are encouraged to apply the Fix It as described in the Microsoft Security Advisory: Vulnerability in Microsoft graphics component could allow remote code execution.

Currently, Microsoft is only aware of target attacks against Office 2007 installed on systems running Windows XP.

Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Reference:
Microsoft Security Bulletin Advance Notification for November 2013
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release



Leave a Reply

You must be logged in to post a comment.

Support