Microsoft Security Bulletins For July 2013 overview
On today's patch day, Microsoft has released seven security bulletins fixing a total of 32 different vulnerabilities in Microsoft Windows, the Internet Explorer browser, the Microsoft .Net Framework, Silverlight, GDI+ and Windows Defender.
I have compiled all the information that you need to deploy the updates on your own home PC or in a computer network. Included here are the deployment guide as recommended by Microsoft, links to all security and non-security patches that Microsoft has released in the last 30 days, and information on how to download the patches to a local system.
The company has furthermore released a new security policy regarding Store Apps for Windows Store, Windows Phone Store, Office Store and Azure Marketplace.
When vulnerabilities are discovered in apps available in one of the stores, developers have a maximum of 180 days to update the app with a fix. This is however only the case if the security vulnerability is not actively exploited in the wild and has a security rating of critical or important.
Microsoft expects developers to deliver patches much faster than the 180 days. The company notes that no application has come close to the deadline to this date.
Operating System Distribution
Each month, I'm looking at how each operating system is affected by the updates that were released this month.
A total of seven bulletins have been released by Microsoft this month. This month, all client versions of the Windows operating system were affected in the same way with the exception of Windows RT, if you want to count it here, which was affected by only five of the six critically rated bulletins.
On the server side of things, all server operating systems were also affected equally, with each being affected by 5 critically and 1 moderately rated bulletin.
- Windows XP: 6 critical
- Windows Vista: 6 critical
- Windows 7:Â 6 critical
- Windows 8:Â 6 critical
- Windows RT: 5 critical
- Windows Server 2003: 5 critical, 1 moderate
- Windows Server 2008: 5 critical, 1 moderate
- Windows server 2008 R2: 5 critical, 1 moderate
- Windows Server 2012: 5 critical, 1 moderate
Microsoft posts deployment recommendations that system administrators and end users can follow. It is usually more a guideline for computer networks, considering that most desktop users make use of automated updates that install one after the other in a matter of minutes.
Microsoft recommends the following deployment priority for the July 2013 updates:
- Tier 1: MS13-055 update for Internet Explorer and MS13-053 update for Kernel Mode Driver, both having an aggregate severity of critical.
- Tier 2: MS13-054 for GDI+, MS13-052 for Microsoft .Net and Silverlight, MS13-056 for DirectShow and MS13-057 for Media Format Runtime, all with an aggregate severity of critical.
- Tier 3: MS13-058 updating Windows Defender with an important severity score.
Consult the Bulletin Summary page for additional information about the update.
- MS13-052 Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
- MS13-053 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
- MS13-054 Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
- MS13-055 Cumulative Security Update for Internet Explorer (2846071)
- MS13-056 Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
- MS13-057 Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
- MS13-058 Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
Non-security related updates
Microsoft releases non-security updates in addition to security updates. The following list contains all non-security related updates that Microsoft released in the last 30 days.
- Update for Windows 7 and Windows Server 2008 R2 (KB2574819)
- Language Packs for Windows RT (KB2607607)
- Update for Windows 7 and Windows Server 2008 R2 (KB2829104)
- Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2008 (KB2836945)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2855336)
- Update for Microsoft Camera Codec Pack for Windows 8 and Windows RT (KB2859541)
- Windows Malicious Software Removal Tool - July 2013 (KB890830)/Windows Malicious Software Removal Tool - July 2013 (KB890830) - Internet Explorer Version
- Update for Windows 7 and Windows Server 2008 R2 (KB2592687)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2822241)
- Windows Malicious Software Removal Tool - June 2013 (KB890830) - IE Version
- MS13-029: Security Update for Windows XP (KB2813347)
- MS13-048: Security Update for Windows 8, Windows Embedded Standard 7, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2839229)
- MS13-047: Cumulative Security Update for Internet Explorer 10 for Windows 7 (KB2838727)
How to download and install the July 2013 security updates
Most end users who run a computer with Windows will receive the updates via the operating system's automatic update feature. You may however want to check for updates manually using the Windows Update tool so that they get picked up right away as the update checker is only checking for updates in intervals and not constantly.
All Windows users from Vista forward can do so with a tap on the Windows key, typing Windows Update, and the selection of the first search result from the list.
If you have disabled automatic updates, run a computer without Internet connection, or want to deploy the updates on multiple systems, you may want to download them once individually so that you can deploy them on one or multiple machines.
This is also ideal to test the updates before you apply them on work related machines in productive environments.
You can download all updates individually from Microsoft's Download Center. There you also find the monthly ISO release that includes all security updates of the month. You can alternatively use third party programs that download Windows Updates for you.Advertisement