Microsoft Security Bulletins For November 2013 overview
Microsoft is about to release this month's security updates and patches for Windows client and server operating systems.
A total of eight bulletins are released this month. Three of the bulletins have received a critical severity rating, the highest possible rating. The remaining five bulletins received a rating of important, the second highest rating.
The eight bulletins patch a total of 19 different vulnerabilities in Microsoft products.
As far as the affected software is concerned, six of the bulletins address issues in Microsoft Windows, and the remaining two vulnerabilities in Microsoft Office.
You find detailed information about the bulletins below. This includes the operating system and Office distribution, deployment suggestions, links to each bulletin to look up additional information, information about non-security updates that were released since the last Patch Day, and finally instructions on how to download those updates to your PC.
Operating System Distribution
The following list displays the bulletin distribution for each client and server operating system that Microsoft is supporting right now.
On the client side, Windows RT takes the crown once again with the least amount of vulnerabilities, followed by Windows 7 and earlier versions of Windows. Windows 8 and Windows 8.1 are affected more than any other client operating system this time.
On the server side of things, all Windows Server versions are affected in the same way by this month's security bulletins.
- Windows XP: 3 critical, 2 important
- Windows Vista: 3 critical, 2 important
- Windows 7:Â 3 critical, 2 important
- Windows 8:Â 3 critical, 3 important
- Windows 8.1: 3 critical, 3 important
- Windows RT: 3 critical, 1 important
- Windows RT 8.1: 3 critical, 1 important
- Windows Server 2003: 1 critical, 3 important, 1 moderate
- Windows Server 2008: 1 critical, 3 important, 1 moderate
- Windows Server 2008 R2: 1 critical, 3 important, 1 moderate
- Windows Server 2012: 1 critical, 3 important, 1 moderate
Office Distribution
Office 2003 is only affected by one bulletin rated important, while all newer versions of Office are affected by an additional bulletin.
- Microsoft Office 2003: 1 important
- Microsoft Office 2007: 2 important
- Microsoft Office 2010: 2 important
- Microsoft Office 2013: 2 important
Deployment Guide
Microsoft releases a deployment guide on each Patch Day that offers suggestions for administrators and individual users about the order of deployment of the released Windows updates.
Priorities are assigned to each bulletin using several factors including a bulletins severity rating, whether it is exploited in the wild, and other factors.
While this may not be an issue at all on individual systems, as patches can be installed in a heartbeat on them, companies who do testing before patches are applied may use the information to test and deploy patches in optimal order using the guide.
Click on the images below for a larger version.
- Tier 1 updates: MS13-090 ActiveX Kill Bits, MS13-088 Internet Explorer and MS13-089 Windows GDI
- Tier 2 updates: MS13-091 Office, MS13-092 Hyper-V and MS13-093 Windows AFD
- Tier 3 updates: MS13-094 Outlook and MS13-096 XML Digital Signatures
Security Bulletins
The first three are the critically rated bulletins, the remaining five have all been rated important.
- MS13-088Cumulative Security Update for Internet Explorer (2888505)
- MS13-089Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
- MS13-090Cumulative Security Update of ActiveX Kill Bits (2900986)
- MS13-091Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
- MS13-092Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
- MS13-093Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
- MS13-094Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
- MS13-095Vulnerability in Digital Signatures Could Allow Denial of Service
Other Security related updates / changes
- MS13-081: Security Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB2862330)
Non-security related updates
- Update for Windows 7 and Windows Server 2008 R2 (KB2830477)
- Language Packs for Windows 8.1 and Windows RT 8.1 (KB2839636)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2882780)
- Update for Windows Small Business Server 2011 Essentials (KB2885313)
- Update for Windows Home Server 2011 (KB2885314)
- Update for Windows Storage Server 2008 R2 Essentials (KB2885315)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2887595)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2889784)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890140)
- Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890141)
- Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890142)
- Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB2893519)
- Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2897942)
- Dynamic Update for Windows Server 2012 R2 (KB2902816)
- Update for Windows RT 8.1 (KB2903601)
- Update for Windows 8.1 (KB2904594)
- Update for Windows RT 8.1 (KB2905029)
- Windows Malicious Software Removal Tool - November 2013 (KB890830)/Windows Malicious Software Removal Tool - November 2013 (KB890830) - Internet Explorer Version
- Update for Root Certificates for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125)
- System Update Readiness Tool for Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista (KB947821) [November 2013]
- Update for Windows 7 and Windows Server 2008 R2 (KB2515325)
- Update for Windows 7 and Windows Server 2008 R2 (KB2647753)
- Update for Windows 8, Windows RT, and Windows Server 2012 (KB2883201)
- Internet Explorer 11 for Windows 7 and Windows Server 2008 R2 (KB2841134)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2902892)
- Update for Windows RT (KB2885699)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2901549)
- Dynamic Update for Windows RT 8.1 (KB2901630)
- Language Packs for Windows RT (KB2607607)
- Update for Windows 8 (KB2885699)
- Update for Windows 8, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP (KB2890882)
- Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2882342)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2882351)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2883200)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2884846)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2890139)
- Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB2890660)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2891213)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2891214)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2892082)
- Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2895219)
- Dynamic Update for Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 (KB2895233)
- Update for Windows 8.1 (KB2895586)
- Update for Windows 8.1 (KB2895592)
- Update for Windows 8.1 (KB2895614)
- Dynamic Update for Windows 8.1 and Windows Server 2012 R2 (KB2898464)
- Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)
How to download and install the November 2013 security updates
The patches are already available via Windows Update. Most users should receive them via the built-in Windows updating system automatically. Some, who may have configured it to only download patches or do nothing can download them instead from other sources including Microsoft's Download Center.
The option is the most viable for users who want to test the patches before they are deployed on live systems. It can also help save bandwidth considering that updates need to be downloaded only once for deployment, instead of individually for each computer system that needs patching.
These updates can also be downloaded via third party programs that enable you to download all Windows Updates to your system.
Additional information
The Microsoft Security Bulletin Summary for this month is available here. All bulletins are described here in an overview, and with links that you can follow for additional information.
You may also want to check out this month's patch day overview on the Microsoft Security Response Center. Here you may find additional information about the patches.
Advertisement
Are these articles AI generated?
Now the duplicates are more obvious.
This is below AI generated crap. It is copy of Microsoft Help website article without any relevant supporting text. Anyway you can find this information on many pages.
Yes, but why post the exact same article under a different title twice on the same day (19 march 2023), by two different writers?
1.) Excel Keyboard Shortcuts by Trevor Monteiro.
2.) 70+ Excel Keyboard Shortcuts for Windows by Priyanka Monteiro
Why oh why?
Yeah. Tell me more about “Priyanka Monteiro”. I’m dying to know. Indian-Portuguese bot ?
Probably they will announce that the taskbar will be placed at top, right or left, at your will.
Special event by they is a special crap for us.
If it’s Microsoft, don’t buy it.
Better brands at better prices elsewhere.
All new articles have zero count comments. :S
WTF? So, If I add one photo to 5 albums, will it count 5x on my storage?
It does not make any sense… on google photos, we can add photo to multiple albums, and it does not generate any additional space usage
I have O365 until end of this year, mostly for onedrive and probably will jump into google one
Photo storage must be kept free because customers chose gadgets just for photos and photos only.
What a nonsense. Does it mean that albums are de facto folders with copies of our pictures?
Sounds exactly like the poor coding Microsoft is known for in non-critical areas i.e. non Windows Core/Office Core.
I imagine a manager gave an employee the task to create the album feature with hardly any time so they just copied the folder feature with some cosmetic changes.
And now that they discovered what poor management results in do they go back and do the album feature properly?
Nope, just charge the customer twice.
Sounds like a go-getter that needs to be promoted for increasing sales and managing underlings “efficiently”, said the next layer of middle management.
When will those comments get fixed? Was every editor here replaced by AI and no one even works on this site?
Instead of a software company, Microsoft is now a fraud company.
For me this is proof that Microsoft has a back-door option into all accounts in their cloud.
quote “…… as the MSA key allowed the hacker group access to virtually any cloud account at Microsoft…..”
unquote
so this MSA key which is available to MS officers can give access to all accounts in MS cloud.This is the backdoor that MS has into the cloud accounts. Lucky I never got any relevant files of mine in their (MS) cloud.
>”Now You: what is your theory?”
That someone handed an employee a briefcase full of cash and the employee allowed them access to all their accounts and systems.
Anything that requires 5-10 different coincidences to happen is highly unlikely. Occam’s razor.
Good reason to never login to your precious machine with a Microsoft a/c a.k.a. as the cloud.
The GAFAM are always very careless about our software automatically sending to them telemetry and crash dumps in our backs. It’s a reminder not to send them anything when it’s possible to opt out, and not to opt in, considering what they may contain. And there is irony in this carelessness biting them back, even if in that case they show that they are much more cautious when it’s their own data that is at stake.