Microsoft has released this month's security updates for Microsoft Windows, Microsoft Office and other company products just a second ago.
This month's updates bring 13 bulletins that fix a total of 47 vulnerabilities.
Four bulletins have received the highest severity rating of critical. This means that at least one product is affected critically by at least one of the vulnerabilities that the bulletin addresses.
The remaining ten bulletins have all received a maximum severity rating of important. Again, this means that at least one product is affected by it at this severity level.
The vulnerabilities in eight bulletins may allow remote code execution on affected systems, while three may enable an elevation of privileges, two the denial of service, and one for information disclosure.
Operating System Distribution
This section looks at individual operating system versions, and how each supported operating system is affected by this month's bulletins.
Microsoft has released a total of 13 bulletins in September 2013, of which seven affect at least one version of Microsoft Windows.
Windows XP is again the operating system with the highest count of critical vulnerabilities. All newer Microsoft operating systems share the same amount of critical vulnerabilities. As far as important rated vulnerabilities go (the second highest rating): Windows 7 takes the lead here followed by Vista and Windows 8, and then Windows RT.
It looks similar on the server side of things. Windows Server 2003 is the only server operating system affected by a critical bulletin. All other server products are only affected by important and moderate bulletins, with Windows Server 2008 R2 affected by one additional important rated bulletin.
Microsoft has released seven Office-related bulletins in September 2013. The distribution indicates that Office 2010 is the operating system with the largest number of vulnerabilities, followed by Office 2007. Both Office 2003 and Office 2013 share the same low number of vulnerabilities.
Microsoft releases a deployment guide each month that system administrators and individual users can use as a guideline to determine the update priority.
While it is usually sound to start with the critical updates and then the lesser severe updates, it may be important to distribute updates in a certain order, for instance to fix issues first that are exploited in the wild.
Priority 1 updates: MS13-068 Outlook, MS13-069 Internet Explorer and MS13-067 SharePoint Server
Priority 2 updates: Ms13-070 OLE, MS13-072 Office, Ms13-073 Excel, Ms13-076 Kernel-Mode Driver and Ms13-079 Active Directory
Priority 3 updates: Ms13-071 Windows Theme File, Ms13-074 Access, Ms13-075 Office IME (Chinese), Ms13-077 Windows SCM and Ms13-078 FrontPage.
Other Security related updates
Security Update for Windows 8, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB2862973)
MS13-057: Security Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2803821)
MS13-057: Security Update for Windows Media Format Runtime for Windows Server 2003 and Windows XP (KB2834902)
MS13-057: Security Update for Windows Media Format Runtime 9.5 for Windows XP (KB2834903)
MS13-057: Security Update for Windows Media Format Runtime for Windows Server 2003 and Windows XP (KB2834904)
MS13-057: Security Update for Windows Media Format Runtime 9.5 for Windows XP (KB2834905)
MS13-066: Security Update for Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008 (KB2843639)
Non-security related updates
Update for Windows 7 and Windows Server 2008 R2 (KB2574819)
Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB2834140)
Update for Microsoft .NET Framework 4 on Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2836939)
Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP (KB2836941)
Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 (KB2836943)
Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2008 (KB2836945)
Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 (KB2836946)
Update for Windows 7 and Windows Server 2008 R2 (KB2853952)
Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB2868116)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2871389)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2871777)
Update for Windows 8, Windows RT, and Windows Server 2012 (KB2876415)
Windows Malicious Software Removal Tool - September 2013 (KB890830)/Windows Malicious Software Removal Tool - September 2013 (KB890830) - Internet Explorer Version
Update for Windows 7 and Windows Server 2008 R2 (KB2592687)
System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821)
How to download and install the September 2013 security updates
The common way to install the updates is via the operating system's built-in automatic update feature. While that is comfortable to do, it does not provide you with many controls. You cannot for instance decide the order in which updates should be installed.
The easiest way to open Windows Update is to tap on the Windows-key, enter Windows Update, and select the entry from the list of results that opens up.
You can download all patches from Microsoft's Download Center either individually, or as a monthly ISO image. An alternative to that are third party tools that you can use to download patches and updates to your system.
Additional information are available on Microsoft's MSRC blog.Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.