Microsoft Security Bulletins For August 2013 overview
Welcome to our analysis of Microsoft's Patch Tuesday of August 2013. The company has released a total of eight bulletins this time that patch vulnerabilities in Microsoft Windows, Microsoft Server Software, and Internet Explorer.
Three of the bulletins have received a maximum severity rating of critical, the highest rating available, while the remaining five bulletins have all received one of important, the second highest rating.
What this means is that there is at least one product that is affected by a vulnerability this way, while other products may have received the same or a lower severity rating.
The eight bulletins that Microsoft is releasing fix a total of 23 different vulnerabilities in Microsoft products.
Operating System Distribution
This section looks at individual operating systems and how each one is affected by vulnerabilities that Microsoft fixed on this Patch Tuesday in August 2013.
Microsoft has released a total of eight bulletins for various client and server operating systems, and other software such as Microsoft Office or Internet Explorer. While Internet Explorer is included in Windows, it is handled separately by Microsoft in regards to vulnerabilities.
Windows XP is taking the crown this time as it is affected by more critical vulnerabilities than all other client operating systems. All other systems, Vista, 7 and 8, share the same vulnerability ratings.
You find the same distribution on the server side, with Windows Server 2003 affected by a single critical vulnerability, while newer server operating systems share the same vulnerability scores.
- Windows XP: 2 critical, 2 important
- Windows Vista: 1 critical, 3 important
- Windows 7:Â 1 critical, 3 important
- Windows 8:Â 1 critical, 3 important
- Windows RT: 1 critical, 2 important
- Windows Server 2003: 1 critical, 2 important, 1 moderate
- Windows Server 2008: 4 important, 1 moderate
- Windows server 2008 R2: 4 important, 1 moderate
- Windows Server 2012: 4 important, 1 moderate
Deployment Guide
Microsoft releases a deployment priority guide each month to aid system administrators and users in prioritizing updates. It is usually the case that critical updates should be deployed first before other updates are deployed.
Microsoft suggests the following deployment priority:
- Tier 1: MS13-059 update for Internet Explorer and MS13-060 which updates the Unicode Scripts Processor.
- Tier 2: MS13-061, an update for Exchange Server, Ms13-062 updating Remote Procedure Call, and Ms13-063 patching Windows Kernel.
- Tier 3: Ms13-066 an update for Active Directory Federation Services, Ms13-064 updating Windows NAT driver, and Ms13-065 updating ICMPv6.
Security Bulletins
- MS13-059 Cumulative Security Update for Internet Explorer (2862772)
- MS13-060 Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
- MS13-061 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2876063)
- MS13-062 Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
- MS13-063 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
- MS13-064 Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
- MS13-065 Vulnerability in ICMPv6 could allow Denial of Service (2868623)
- MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (2873872)
Non-security related updates
Security updates do get prioritized by Microsoft. It pays to look at the list of non-security updates that Microsoft has released as they can fix non-security related issues. This can improve the stability of a system, its performance, fix bugs in programs or features, or improve the system in other ways.
- Update for Windows 8 and Windows RT (KB2856373)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2862768)
- Update for Windows 8, Windows RT, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2863058)
- Windows Malicious Software Removal Tool - August 2013 (KB890830)/Windows Malicious Software Removal Tool - August 2013 (KB890830) - Internet Explorer Version
- Update for Root Certificates for Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125)
- Language Packs for Windows RT (KB2607607)
- Language Packs for Windows RT and Windows 8 (KB2607607)
How to download and install the August 2013 security updates
Most Windows users have automatic updates enabled on their systems, which means that important updates do get downloaded and installed automatically on their systems. While that is the case, it is often a good idea to check for updates manually shortly after this article goes live as you may have to wait hours and sometimes even days before the updates get installed otherwise.
Most Windows users can do the following to check for updates.
- Tap on the Windows-key and type Windows Update in the form that opens.
- Select Windows Update from the list of results.
- Click on check for updates there to run a manual update check.
- Look at the updates found and click on install updates afterwards.
- It is usually required to restart the PC in the end to complete the process.
Experienced users and system administrators do not install updates right away. The core reason for this is that updates may include bugs or issues that Microsoft's quality testing has missed. That's why updates can also be downloaded from Microsoft directly.
This is not only useful when you want to test updates in a safe environment, a virtual machine or test system for example, but also when you need to deploy them on a larger scale. If you are using Windows Update to download updates, you are wasting bandwidth as each PC is downloading the same updates (provided they are running the same version of Windows).
You can download all patches from Microsoft's Download Center either individually, or as a monthly ISO image. An alternative to that are third party tools that you can use to download patches and updates to your system.
Advertisement
Are these articles AI generated?
Now the duplicates are more obvious.
This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro
Why oh why?
Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
Probably they will announce that the taskbar will be placed at top, right or left, at your will.
Special event by they is a special crap for us.
If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
All new articles have zero count comments. :S
WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage
I have O365 until end of this year, mostly for onedrive and probably will jump into google one
Photo storage must be kept free because customers chose gadgets just for photos and photos only.
What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
And now that they discovered what poor management results in do they go back and do the album feature properly?
Nope, just charge the customer twice.
Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Instead of a software company, Microsoft is now a fraud company.
For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote
so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
>”Now You: what is your theory?”
That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.
Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.