Microsoft Security Bulletins For May 2013 overview
It is the second Tuesday of the month and we all know what that means: Microsoft Patch Day. Microsoft has released a total of ten security bulletins this month that address security related issues in products such as Microsoft Windows, Internet Explorer, Microsoft Office or Windows Essentials. The ten bulletins address a total of 33 different vulnerabilities.
Two bulletins have received the highest severity rating of critical while the remaining eight received important ratings. What this means is that at least one product received the rating while other affected versions of the product may have received the same or a lower rating.
Security update MS13-038 resolves a 0-day security vulnerability that affects Microsoft's Internet Explorer 8 on all supported operating systems. Microsoft has released a fix-it patch recently to address the issue.
The second critical bulletin of the month is a cumulative update for Microsoft's web browser that resolves 11 different security related vulnerabilities.
Operating system distribution
It is often the case that desktop and also server operating system versions are affected in different ways by the vulnerabilities. Here we look at the distribution of severity ratings across all desktop and server operating systems.
As you can see, all desktop versions of Windows share the same severity rating with the exception of Windows 8 and Windows RT. As far as servers go, the picture is a little bit different. Here it is Windows Server 2012 that is affected more severely than previous versions of the server operating system.
- Windows XP: 2 critical, 2 important
- Windows Vista: 2 critical, 2 important
- Windows 7:Â 2 critical, 2 important
- Windows 8:Â 1 critical, 3 important
- Windows RT: 1 critical, 2 important, 1 moderate
- Windows Server 2003: 1 important, 2 moderate
- Windows Server 2008: 2 important, 2 moderate
- Windows server 2008 R2: 2 important, 2 moderate
- Windows Server 2012: 3 important, 1 moderate
Deployment Guide
Microsoft recommends to deploy the bulletins in the following order:
- First MS13-037, MS13-038 and MS13-039. The first two bulletins are the only ones with a critical severity rating. The third bulletin addresses an issue that could allow a denial of service attack against Windows systems.
- Then the four bulletins MS13-041, MS13-042, MS13-043 and MS13-046. The first three address vulnerabilities in Office programs, the fourth one in the Kernel Mode Driver.
- Last but not least bulletins MS13-040, MS13-044 and MS13-045 which address security issues in the .Net Framework, Visio and Windows Essentials.
Security Bulletins
- MS13-037 - Cumulative Security Update for Internet Explorer (2829530)
- MS13-038 - Security Update for Internet Explorer (2847204)
- MS13-039 - Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
- MS13-040 - Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
- MS13-041 - Vulnerability in Lync Could Allow Remote Code Execution (2834695)
- MS13-042- Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
- MS13-043 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
- MS13-044 - Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
- MS13-045 - Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707)
- MS13-046 - Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221)
Non-security related updates
Non-security related updates have been released since the last patch Tuesday as well. The following list provides you with an overview of the updates that Microsoft has released in that time.
- Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB2798162)
- Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2805221)
- Update for Microsoft .NET Framework 4.5 on Windows 8, Windows RT, and Windows Server 2012 (KB2805222)
- Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2805226)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2805227)
- Update for Windows 8 and Windows Server 2012 (KB2805966)
- Update for Windows 7 (KB2813956)
- Update for Windows 8, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB2818604)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2820330)
- Update for Windows 7 and Windows Server 2008 R2 (KB2820331)
- Dynamic Update for Windows 8 and Windows Server 2012 (KB2820332)
- Dynamic Update for Windows 8 and Windows Server 2012 (KB2820333)
- Update for Windows 7 and Windows Server 2008 R2 (KB2835174)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2836988)
- Windows Malicious Software Removal Tool - May 2013 (KB890830)/Windows Malicious Software Removal - May 2013 (KB890830) - Internet Explorer Version
- Update for Root Certificates for Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125)
- Update for Windows 8 for x64-based Systems (KB2818604)
How to download and install the May 2013 security updates
The easiest way to obtain all security updates is to use Windows Update. Windows XP to Windows 7 users can use the search menu to load Windows Update on their system while Windows 8 users need to search for it on the start screen instead.
You may need to click on the check for updates button on the page as the updates may not have been picked up automatically by the operating system.
If you want more control over the process head over to Microsoft's Download Center. I recommend you enter the name of the bulletin into the search on the page as Microsoft seems to have modified the download page so that you cannot sort security updates by date anymore.
Advertisement
Are these articles AI generated?
Now the duplicates are more obvious.
This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro
Why oh why?
Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
Probably they will announce that the taskbar will be placed at top, right or left, at your will.
Special event by they is a special crap for us.
If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
All new articles have zero count comments. :S
WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage
I have O365 until end of this year, mostly for onedrive and probably will jump into google one
Photo storage must be kept free because customers chose gadgets just for photos and photos only.
What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
And now that they discovered what poor management results in do they go back and do the album feature properly?
Nope, just charge the customer twice.
Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Instead of a software company, Microsoft is now a fraud company.
For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote
so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
>”Now You: what is your theory?”
That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.
Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.