Microsoft Patch Tuesday, May 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are ten bulletins, addressing 32 identified vulnerabilities.    Two bulletins have a Critical severity rating, and the remaining eight are rated Important.   Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.

The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products.   There are three bulletins for Microsoft Office and its components (including Word Viewer).  Microsoft Lync has one bulletin, and there is one for Windows Essentials.

Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Update Tuesday, May 14, 14:40 EDT

According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.

Microsoft Patch Tuesday, April 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are nine bulletins, addressing twelve identified vulnerabilities.    Two bulletins have a Critical severity rating, and the remaining seven are rated Important.   Six of the bulletins are for Windows and its components; every supported version of Windows is affected; all desktop versions have one or more Critical vulnerabilities.  Microsoft says that five of the Windows bulletins will definitely require a system reboot, and the sixth may require one, depending on the configuration of your system.

The remaining three bulletins, all of which are rated Important, apply to other Microsoft software products.   There will be two bulletins that affect SharePoint Server.  Groove, SharePoint Foundation, Office Web Apps, and Windows Defender for Windows 8 and RT are affected by one bulletin each.   One bulletin (MS13-035) also applies to InfoPath; it does not have a severity rating, because the known attack method is already blocked.  The patch for Windows Defender will require a system reboot, and the others may require one.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for April 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Microsoft Patch Tuesday, March 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 20 identified vulnerabilities.  Four bulletins have a Critical severity rating, and three are rated Important.   Two of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of the bulletins, rated Critical, affects all desktop/client versions of Windows (XP, Vista, 7, 8, and RT).

There are four bulletins that affect Microsoft Office, two of which are rated Critical, and two Important.  Some of these also affect Office for Mac.

There is one bulletin for Microsoft Silverlight, rated Critical; this also applies to Silverlight installations on Mac systems.  One of the bulletins (MS13-024) also applies to SharePoint.

Microsoft says that the two Windows bulletins will definitely require a system restart.  The Silverlight bulletin and one of the Office bulletins will not require a restart.  The other bulletins may require one, depending on the system’s configuration.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for March 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Microsoft Patch Tuesday, February 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are twelve bulletins, addressing 57 identified vulnerabilities.  (An additional bulletin has been added since the preview announcement last Thursday.)  Five bulletins have a Critical severity rating, and seven are rated Important.   Ten of the bulletins are for Windows and its components; every supported version of Windows is affected.  All versions, except for the Server Core installation, have one or more Critical vulnerabilities.

There are also two bulletins that affect Microsoft server software: one, rated Critical, is for Exchange Server, and the other, rated Important, is for the FAST Search Server.

Microsoft says that seven of the Windows bulletins will definitely require a system restart.  The other bulletins may require one, depending on the system’s configuration.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for February 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

Update Tuesday, 12 February, 15:50 EST

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Microsoft Patch Tuesday, January 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 11 identified vulnerabilities.  Two bulletins have a Critical severity rating, and five are rated Important.   Six of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of these bulletins also affects Microsoft Office.

The remaining bulletin is for Microsoft server software, including SharePoint, Groove, Expression Web, and System Center; this bulletin is  rated Important.  (For a breakdown of bulletin severity by Windows version, please see this month’s preview post.)  Full details, and download links, are in the Microsoft Security Bulletin Summary for January 2013.

Microsoft says that three of the Windows bulletins will definitely require a system restart; the bulletin that affects only System Center (MS13-003) will not require a restart,  The other bulletins may require one, depending on the system’s configuration.

This release does not appear to include a patch for the recently-discovered vulnerability in Internet Explorer.  I recommend following the suggested mitigation steps that Microsoft has suggested, if you hav enot already done so.

The handlers at the SANS Internet Storm Center have posted their usual summary of the patch release, along with their severity assessments.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

Microsoft Patch Tuesday, December 2012

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 13 identified vulnerabilities (three of these are identified in bulletin MS 12-080).  Five bulletins have a Critical severity rating, and two are rated Important.   Five of the bulletins are for Windows and its components; every supported version of Windows — including the recently-released Windows 8, Windows RT, and Windows Server 2012 — has at least one Critical bulletin.  The remaining bulletins are for Microsoft Office and Microsoft server software; both these bulletins are rated Critical.  (For a breakdown of bulletin severity by Windows version, please see this month’s preview post.)  Full details, and download links, are in the Microsoft Security Bulletin Summary for December 2012.

Microsoft says that the five Windows bulletins will definitely require a system restart; the others may require one, depending on the system’s configuration.

In the preview post, I mentioned that one bulletin (now given the identifier MS12-077) to versions of Internet Explorer (such as IE 7 on Windows XP) for which it was not given a severity rating.  Microsoft has now added a footnote to the “Affected Software” section of the Summary that explains this:

Severity ratings do not apply to this update for the specified software because the known attack vectors for the vulnerability discussed in this bulletin are blocked in a default configuration. However, as a defense-in-depth measure, Microsoft recommends that customers of this software apply this security update.

The handlers at the SANS Internet Storm Center have posted their usual summary of the patch release, along with their severity assessments.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.