Microsoft Security Bulletin Summary for November 2013
Published:
Version: 1.0
This bulletin summary lists security bulletins released for November 2013.
With the release of the security bulletins for November 2013, this bulletin summary replaces the bulletin advance notification originally issued November 7, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
Bulletin Information
Executive Summaries
The following table summarizes the security bulletins for this month in order of severity.
For details on affected software, see the next section, Affected Software.
Cumulative Security Update for Internet Explorer (2888505)
This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Cumulative Security Update of ActiveX Kill Bits (2900986)
This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability exists in the InformationCardSigninHelper Class ActiveX control. The vulnerability could allow remote code execution if a user views a specially crafted webpage with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted WordPerfect document file is opened in an affected version of Microsoft Office software. An attacker who successfully exploited the most severe vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker passes a specially crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor. The vulnerability could also allow denial of service for the Hyper-V host if the attacker passes a specially crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor.
Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker logs on to an affected system as a local user, and runs a specially crafted application on the system that is designed to enable the attacker to obtain information from a higher-privileged account. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
This security update resolves a publicly disclosed vulnerability in Microsoft Outlook. The vulnerability could allow information disclosure if a user opens or previews a specially crafted email message using an affected edition of Microsoft Outlook. An attacker who successfully exploited this vulnerability could ascertain system information, such as the IP address and open TCP ports, from the target system and other systems that share the network with the target system.
Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service when an affected web service processes a specially crafted X.509 certificate.