Microsoft Patch Tuesday, January 2013

January 8, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are seven bulletins, addressing 11 identified vulnerabilities.  Two bulletins have a Critical severity rating, and five are rated Important.   Six of the bulletins are for Windows and its components; every supported version of Windows is affected.  One of these bulletins also affects Microsoft Office.

The remaining bulletin is for Microsoft server software, including SharePoint, Groove, Expression Web, and System Center; this bulletin is  rated Important.  (For a breakdown of bulletin severity by Windows version, please see this month’s preview post.)  Full details, and download links, are in the Microsoft Security Bulletin Summary for January 2013.

Microsoft says that three of the Windows bulletins will definitely require a system restart; the bulletin that affects only System Center (MS13-003) will not require a restart,  The other bulletins may require one, depending on the system’s configuration.

This release does not appear to include a patch for the recently-discovered vulnerability in Internet Explorer.  I recommend following the suggested mitigation steps that Microsoft has suggested, if you hav enot already done so.

The handlers at the SANS Internet Storm Center have posted their usual summary of the patch release, along with their severity assessments.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.


Microsoft Patch Tuesday Preview, January 2013

January 3, 2013

Today, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for January, previewing the security fixes it intends to release next Tuesday, January 8.   Microsoft plans to release seven security bulletins this month.  Six are for Windows and its components; two of these have a maximum severity rating of Critical, and the others are rated Important.  All  supported versions of Windows are affected.

The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate
Windows XP+SP3 1 2
Windows Vista 1 4
Windows Server 2003 2 1
Windows Server 2008 4 1
Windows 7 2 4
Windows Server 2008 R2 1 4 1
Windows 8 1 4
Windows RT 1 3
Windows Server 2012 4 1
Windows Server Core 1 4 1

One of the bulletins (Bulletin 2 in the preview announcement) also affects Microsoft Office, and is rated Critical.  There is an additional bulletin, rated Important, which applies to Microsoft server software: SharePoint, Groove, Expression Web, and System Center.

According to Microsoft, three of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.

Update Thursday, 3 January, 22:00 EST

Unfortunately, it appears that none of the security bulletins that Microsoft announced addresses the recently-discovered vulnerability in Internet Explorer.   If you have not already done so, I recommend that you take some of the mitigation steps that Microsoft has suggested.


%d bloggers like this: