Microsoft Patch Tuesday, December 2013

December 10, 2013

Microsoft today released its regular monthly batch of security updates for Windows and other software, summarized in the Security Bulletin Summary.  This month, there are 11 bulletins, addressing 24 identified vulnerabilities.  Five of the bulletins have a Critical severity rating; the other six are rated Important.  Six of the bulletins apply to Windows and its components and four apply to Microsoft Office.   There are also patches for Exchange, SharePoint, Office Web Apps, and Lync server software, as well as for some Microsoft developer tools. (The complete list of affected software is given in the Security Bulletin Summary, along with download links for the patches.)

All supported versions of Windows have at least two Critical bulletins.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 3 2
Windows Vista 4 1
Windows Server 2003 2 3
Windows Server 2008 3 2
Windows 7 3 1
Windows Server 2008 R2 2 2
Windows 8 3 1
Windows RT 3 1
Windows Server 2012 2 2
Windows Server 2012 R2 2 2
Windows 8.1 3 1
Windows RT 8.1 3 1
Windows Server Core 3 1

One bulletin applicable to Office is rated Critical; the others are rated Important.

Microsoft says that four of the bulletins for Windows will definitely require a restart; the other bulletins may require one, depending on your system’s configuration.

The SANS Institute has published its usual post summarizing the updates, with their assessment of the severity of each bulletin.


Microsoft Patch Tuesday Preview, October 2013

October 3, 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for October 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, October 8, 2013.   This month there are eight bulletins in all; four of these have a maximum security rating of Critical; the others are rated Important.  Four of the bulletins affect Windows and its components.  Three bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  A final bulletin affects Microsoft’s Silverlight.   More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 4
Windows Vista 4
Windows Server 2003 3 1
Windows Server 2008 3 1
Windows 7 4
Windows Server 2008 R2 3 1
Windows 8 4
Windows RT 2 1
Windows Server 2012 3 1
Windows Server 2012 R2 1
Windows 8.1 1
Windows RT 8.1 1
Windows Server Core 3

The bulletins for Office and Slverlight are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  If there are significant changes, I will post a note here once the actual updates are available.


Microsoft Patch Tuesday Preview, September 2013

September 5, 2013

Today, in keeping with its usual schedule,  Microsoft released the Security Bulletin Advanced Notification for September 2013, previewing the security bulletins and associated patches it intends to release on Tuesday, September 10, 2013.   This month there are fourteen bulletins in all; four of these have a maximum security rating of Critical; the other ten are rated Important.  Seven of the bulletins affect Windows and its components.  Seven bulletins affect Microsoft Office (including Office for Mac); one of these also affects Microsoft’s SharePoint server.  More details on specific versions are given in the Advanced Notification.

All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate
Windows XP+SP3 2 3
Windows Vista 1 3
Windows Server 2003 1 3 1
Windows Server 2008 3 1
Windows 7 1 4
Windows Server 2008 R2 4 1
Windows 8 1 3
Windows RT 1 2
Windows Server 2012 3 1
Windows Server Core 4

Two of the bulletins for Office are rated Critical; the other five are rated Important.

Microsoft says that three of the bulletins will definitely require a restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins on Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday Preview, April 2013

April 4, 2013

In keeping with its usual schedule, Microsoft today released the Security Bulletin Advanced Notification for April 2013, previewing the security bulletins and associated patches it intends to release next Tuesday, April 9, 2013.  This month there are nine bulletins in all; two of these have a maximum security rating of Critical; the rest are rated Important.   Six of the bulletins, including both the Critical ones, are for Windows and its components.  All supported desktop versions of Windows have at least one Critical bulletin.  The table below shows a breakdown of the Windows bulletins by severity and Windows version.

Windows Version Critical Important Moderate Low
Windows XP+SP3 2 3 1
Windows Vista 2 2 1 1
Windows Server 2003 4 2
Windows Server 2008 3 3
Windows 7 2 2 1
Windows Server 2008 R2 3 2
Windows 8 1 2 1
Windows RT 1 2
Windows Server 2012 3 1
Windows Server Core 3 1

Microsoft says that five of the Windows bulletins will definitely require a restart, and the other bulletin may require one, depending on your system’s configuration.

The remaining three bulletins, all of which are rated important, app,ly to other Microsoft software products.   There will be two bulletins that affect SharePoint Server.  Groove, SharePoint Foundation, Office Web Apps, and Windows Defender for Windows 8 and RT are affected by one bulletin each.  The patch for Windows Defender will require a system reboot, and the others may require one.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday, March 2013

March 12, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 20 identified vulnerabilities.  Four bulletins have a Critical severity rating, and three are rated Important.   Two of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of the bulletins, rated Critical, affects all desktop/client versions of Windows (XP, Vista, 7, 8, and RT).

There are four bulletins that affect Microsoft Office, two of which are rated Critical, and two Important.  Some of these also affect Office for Mac.

There is one bulletin for Microsoft Silverlight, rated Critical; this also applies to Silverlight installations on Mac systems.  One of the bulletins (MS13-024) also applies to SharePoint.

Microsoft says that the two Windows bulletins will definitely require a system restart.  The Silverlight bulletin and one of the Office bulletins will not require a restart.  The other bulletins may require one, depending on the system’s configuration.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for March 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.


Microsoft Patch Tuesday Preview, March 2013

March 7, 2013

As is customary, Microsoft today released a preview of the security bulletins and associated patches that it intends to release next Tuesday, March 12.  The Security Bulletin Advanced Notification for March lists seven security bulletins for this month.  Two of these bulletins affect Windows and its components; one has a maximum severity rating of Critical, and the other is rated Important.  All supported versions of Windows are affected by at least one bulletin.  Another of the bulletins,, rated Critical, affects Microsoft’s Silverlight, including at least some installations of Silverlight on Mac systems.

The remaining four bulletins all affect Microsoft Office and its various components; two of these are rated Critical, and two Important. One of the Critical bulletins also affects Microsoft’s SharePoint server software.

According to Microsoft, the two Windows bulletins will require a system restart, and three of the Office bulletins may require one, depending on your system’s configuration.  Microsoft says that a restart will not be required for the Silverlight bulletin, and one of the Office bulletins.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.


Microsoft Patch Tuesday, January 2013

January 8, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 11 identified vulnerabilities.  Two bulletins have a Critical severity rating, and five are rated Important.   Six of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of these bulletins also affects Microsoft Office.

The remaining bulletin is for Microsoft server software, including SharePoint, Groove, Expression Web, and System Center; this bulletin is  rated Important.  (For a breakdown of bulletin severity by Windows version, please see this month’s preview post.)  Full details, and download links, are in the Microsoft Security Bulletin Summary for January 2013.

Microsoft says that three of the Windows bulletins will definitely require a system restart; the bulletin that affects only System Center (MS13-003) will not require a restart,  The other bulletins may require one, depending on the system’s configuration.

This release does not appear to include a patch for the recently-discovered vulnerability in Internet Explorer.  I recommend following the suggested mitigation steps that Microsoft has suggested, if you hav enot already done so.

The handlers at the SANS Internet Storm Center have posted their usual summary of the patch release, along with their severity assessments.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.


%d bloggers like this: