Tuesday 10 September 2013

September Patch Tuesday 2013 - Preview

It's September and while the sun is still shining (here in the UK) there is as chill in the air. And, for most of us, it's back to school (or work) and in the case of Microsoft's September Patch Tuesday release, there is a lot of work to do.

This month the Microsoft Advance notification guide details 14 patches, four of which are rated as Critical and the remaining 10 are rated as Important.

All of the Critical patches deal with Remote Code Execution (RCE's) vulnerabilities and the remaining 10 patches deal with Information Disclosure and Denial of Service issues.

I have created a handy little chart of these patches, which you can view here;

Bulletin SeverityImpactPlatform
1CriticalRemote Code ExecutionShare Point
2CriticalRemote Code ExecutionOutlook
3CriticalRemote Code ExecutionInternet Explorer
4CriticalRemote Code ExecutionXP/Server 2003
5ImportantRemote Code ExecutionXP/Vista/Server 2008
6ImportantRemote Code ExecutionWord 2003/2007/2010
7ImportantRemote Code ExecutionExcel 2003/2007/2010/2013
8ImportantRemote Code ExecutionAccess 2007/2010/2013
9ImportantElevation of PrivilegeOffice 2010/Pinyin IME
10ImportantElevation of PrivilegeXP/Vista/7/8/RT/2003/2008/2010/
11ImportantElevation of PrivilegeWindows 7/Server 2008
12ImportantInformation DisclosureFront Page 2003 SP3
13ImportantDenial of ServiceXP/Vista/7/8/RT/2003/2008/2012/
14ImportantDenial of ServiceXP/Vista/7/8/RT/2003/2008/2012/

Looking at these Microsoft Patches, I would tend to most worried about the application level updates. It looks like Outlook and Excel are going to be updated. These patches will require some serious testing prior to deployment.

You can find out more from the Microsoft Advance Notification page for September 2013 here: https://technet.microsoft.com/en-us/security/bulletin/ms13-sep

No comments: