Microsoft Security Bulletin Advance Notification for December 2013
Published: Thursday, December 05, 2013
Version: 1.0
This is an advance notification of security bulletins that Microsoft is intending to release on December 10, 2013.
This bulletin advance notification will be replaced with the December bulletin summary on December 10, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification .
To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications .
Microsoft will host a webcast to address customer questions on the security bulletins on December 11, 2013, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast .
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information .
This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.
The following table summarizes the security bulletins for this month in order of severity.
For details on affected software, see the next section, Affected Software .
Bulletin ID
Maximum Severity Rating and Vulnerability Impact
Restart Requirement
Affected Software
Bulletin 1
Critical
Remote Code Execution
Requires restart
Microsoft Windows,
Microsoft Office,
Microsoft Lync
Bulletin 2
Critical
Remote Code Execution
Requires restart
Microsoft Windows,
Internet Explorer
Bulletin 3
Critical
Remote Code Execution
Requires restart
Microsoft Windows
Bulletin 4
Critical
Remote Code Execution
May require restart
Microsoft Windows
Bulletin 5
Critical
Remote Code Execution
Does not require restart
Microsoft Exchange
Bulletin 6
Important
Remote Code Execution
May require restart
Microsoft Office,
Microsoft Server Software
Bulletin 7
Important
Elevation of Privilege
Requires restart
Microsoft Windows
Bulletin 8
Important
Elevation of Privilege
Requires restart
Microsoft Windows
Bulletin 9
Important
Elevation of Privilege
Does not require restart
Microsoft Developer Tools
Bulletin 10
Important
Information Disclosure
May require restart
Microsoft Office
Bulletin 11
Important
Security Feature Bypass
May require restart
Microsoft Office
This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.
The following tables list the bulletins in order of major software category and severity.
How do I use these tables?
Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation. If a software program or component is listed, then the severity rating of the security update is also listed.
Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system.
Windows Operating System and Components
Windows XP
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Critical
Critical
Critical
Important
Important
Windows XP Service Pack 3
Not applicable
Internet Explorer 6
(Critical)
Internet Explorer 7
(Critical)
Internet Explorer 8
(Critical)
Windows XP Service Pack 3
(Critical)
Windows XP Service Pack 3
(Critical)
Windows XP Service Pack 3
(Important)
Windows XP Service Pack 3
(Important)
Windows XP Professional x64 Edition Service Pack 2
Not applicable
Internet Explorer 6
(Critical)
Internet Explorer 7
(Critical)
Internet Explorer 8
(Critical)
Windows XP Professional x64 Edition Service Pack 2
(Critical)
Windows XP Professional x64 Edition Service Pack 2
(Critical)
Windows XP Professional x64 Edition Service Pack 2
(Important)
Windows XP Professional x64 Edition Service Pack 2
(Important)
Windows Server 2003
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Important
Critical
Critical
Important
Important
Windows Server 2003 Service Pack 2
Not applicable
Internet Explorer 6
(Moderate)
Internet Explorer 7
(Important)
Internet Explorer 8
(Important)
Windows Server 2003 Service Pack 2
(Critical)
Windows Server 2003 Service Pack 2
(Critical)
Windows Server 2003 Service Pack 2
(Important)
Windows Server 2003 Service Pack 2
(Important)
Windows Server 2003 x64 Edition Service Pack 2
Not applicable
Internet Explorer 6
(Moderate)
Internet Explorer 7
(Important)
Internet Explorer 8
(Important)
Windows Server 2003 x64 Edition Service Pack 2
(Critical)
Windows Server 2003 x64 Edition Service Pack 2
(Critical)
Windows Server 2003 x64 Edition Service Pack 2
(Important)
Windows Server 2003 x64 Edition Service Pack 2
(Important)
Windows Server 2003 with SP2 for Itanium-based Systems
Not applicable
Internet Explorer 6
(Moderate)
Internet Explorer 7
(Important)
Windows Server 2003 with SP2 for Itanium-based Systems
(Critical)
Windows Server 2003 with SP2 for Itanium-based Systems
(Critical)
Windows Server 2003 with SP2 for Itanium-based Systems
(Important)
Windows Server 2003 with SP2 for Itanium-based Systems
(Important)
Windows Vista
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
Critical
Critical
Critical
Critical
Important
None
Windows Vista Service Pack 2
Windows Vista Service Pack 2
(Critical)
Internet Explorer 7
(Critical)
Internet Explorer 8
(Critical)
Internet Explorer 9
(Critical)
Windows Vista Service Pack 2
(Critical)
Windows Vista Service Pack 2
(Critical)
Windows Vista Service Pack 2
(Important)
Not applicable
Windows Vista x64 Edition Service Pack 2
Windows Vista x64 Edition Service Pack 2
(Critical)
Internet Explorer 7
(Critical)
Internet Explorer 8
(Critical)
Internet Explorer 9
(Critical)
Windows Vista x64 Edition Service Pack 2
(Critical)
Windows Vista x64 Edition Service Pack 2
(Critical)
Windows Vista x64 Edition Service Pack 2
(Important)
Not applicable
Windows Server 2008
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
Critical
Important
Critical
Critical
Important
None
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)
Internet Explorer 8
(Important)
Internet Explorer 9
(Important)
Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2
(Important)
Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)
Internet Explorer 8
(Important)
Internet Explorer 9
(Important)
Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2
(Important)
Not applicable
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Important)
Not applicable
Windows 7
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Critical
Critical
Critical
Important
None
Windows 7 for 32-bit Systems Service Pack 1
Not applicable
Internet Explorer 8
(Critical)
Internet Explorer 9
(Critical)
Internet Explorer 10
(Critical)
Internet Explorer 11
(Critical)
Windows 7 for 32-bit Systems Service Pack 1
(Critical)
Windows 7 for 32-bit Systems Service Pack 1
(Critical)
Windows 7 for 32-bit Systems Service Pack 1
(Important)
Not applicable
Windows 7 for x64-based Systems Service Pack 1
Not applicable
Internet Explorer 8
(Critical)
Internet Explorer 9
(Critical)
Internet Explorer 10
(Critical)
Internet Explorer 11
(Critical)
Windows 7 for x64-based Systems Service Pack 1
(Critical)
Windows 7 for x64-based Systems Service Pack 1
(Critical)
Windows 7 for x64-based Systems Service Pack 1
(Important)
Not applicable
Windows Server 2008 R2
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Important
Critical
Critical
Important
None
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Not applicable
Internet Explorer 8
(Important)
Internet Explorer 9
(Important)
Internet Explorer 10
(Important)
Internet Explorer 11
(Important)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Important)
Not applicable
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Not applicable
Internet Explorer 8
(Important)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Important)
Not applicable
Windows 8 and Windows 8.1
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Critical
Critical
Critical
Important
None
Windows 8 for 32-bit Systems
Not applicable
Internet Explorer 10
(Critical)
Windows 8 for 32-bit Systems
(Critical)
Windows 8 for 32-bit Systems
(Critical)
Windows 8 for 32-bit Systems
(Important)
Not applicable
Windows 8 for x64-based Systems
Not applicable
Internet Explorer 10
(Critical)
Windows 8 for x64-based Systems
(Critical)
Windows 8 for x64-based Systems
(Critical)
Windows 8 for x64-based Systems
(Important)
Not applicable
Windows 8.1 for 32-bit Systems
Not applicable
Internet Explorer 11
(Critical)
Windows 8.1 for 32-bit Systems
(Critical)
Windows 8.1 for 32-bit Systems
(Critical)
Windows 8.1 for 32-bit Systems
(Moderate)
Not applicable
Windows 8.1 for x64-based Systems
Not applicable
Internet Explorer 11
(Critical)
Windows 8.1 for x64-based Systems
(Critical)
Windows 8.1 for x64-based Systems
(Critical)
Windows 8.1 for x64-based Systems
(Moderate)
Not applicable
Windows Server 2012 and Windows Server 2012 R2
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Important
Critical
Critical
Important
None
Windows Server 2012
Not applicable
Internet Explorer 10
(Important)
Windows Server 2012
(Critical)
Windows Server 2012
(Critical)
Windows Server 2012
(Important)
Not applicable
Windows Server 2012 R2
Not applicable
Internet Explorer 11
(Important)
Windows Server 2012 R2
(Critical)
Windows Server 2012 R2
(Critical)
Windows Server 2012 R2
(Moderate)
Not applicable
Windows RT and Windows RT 8.1
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
None
Critical
Critical
Critical
Important
None
Windows RT
Not applicable
Internet Explorer 10
(Critical)
Windows RT
(Critical)
Windows RT
(Critical)
Windows RT
(Important)
Not applicable
Windows RT 8.1
Not applicable
Internet Explorer 11
(Critical)
Windows RT 8.1
(Critical)
Windows RT 8.1
(Critical)
Windows RT 8.1
(Important)
Not applicable
Server Core installation option
Bulletin Identifier
Bulletin 1
Bulletin 2
Bulletin 3
Bulletin 4
Bulletin 7
Bulletin 8
Aggregate Severity Rating
Critical
None
Critical
Critical
Important
None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Not applicable
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Not applicable
Not applicable
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Important)
Not applicable
Windows Server 2012 (Server Core installation)
Not applicable
Not applicable
Windows Server 2012 (Server Core installation)
(Critical)
Windows Server 2012 (Server Core installation)
(Critical)
Windows Server 2012 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2012 R2 (Server Core installation)
Not applicable
Not applicable
Windows Server 2012 R2 (Server Core installation)
(Critical)
Windows Server 2012 R2 (Server Core installation)
(Critical)
Windows Server 2012 R2 (Server Core installation)
(Moderate)
Not applicable
Note for Bulletin 1
This bulletin spans more than one software category. See the other tables in this section for additional affected software.
Microsoft Office Suites and Software
Microsoft Office 2003
Bulletin Identifier
Bulletin 1
Bulletin 10
Bulletin 1 1
Aggregate Severity Rating
Critical
None
None
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Service Pack 3
(Critical)
Not applicable
Not applicable
Microsoft Office 2007
Bulletin Identifier
Bulletin 1
Bulletin 10
Bulletin 11
Aggregate Severity Rating
Critical
None
Important
Microsoft Office 2007 Service Pack 3
Microsoft Office 2007 Service Pack 3
(Critical)
Not applicable
Microsoft Office 2007 Service Pack 3
(Important)
Microsoft Office 2010
Bulletin Identifier
Bulletin 1
Bulletin 10
Bulletin 11
Aggregate Severity Rating
Critical
None
Important
Microsoft Office 2010 Service Pack 1 (32-bit editions)
Microsoft Office 2010 Service Pack 1 (32-bit editions)
(Critical)
Not applicable
Microsoft Office 2010 Service Pack 1 (32-bit editions)
(Important)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
Microsoft Office 2010 Service Pack 2 (32-bit editions)
(Critical)
Not applicable
Microsoft Office 2010 Service Pack 2 (32-bit editions)
(Important)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
Microsoft Office 2010 Service Pack 1 (64-bit editions)
(Critical)
Not applicable
Microsoft Office 2010 Service Pack 1 (64-bit editions)
(Important)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
Microsoft Office 2010 Service Pack 2 (64-bit editions)
(Critical)
Not applicable
Microsoft Office 2010 Service Pack 2 (64-bit editions)
(Important)
Microsoft Office 2013
Bulletin Identifier
Bulletin 1
Bulletin 10
Bulletin 11
Aggregate Severity Rating
None
Important
None
Microsoft Office 2013 (32-bit editions)
Not applicable
Microsoft Office 2013 (32-bit editions)
(Important)
Not applicable
Microsoft Office 2013 (64-bit editions)
Not applicable
Microsoft Office 2013 (64-bit editions)
(Important)
Not applicable
Microsoft Office 2013 RT
Not applicable
Microsoft Office 2013 RT
(Important)
Not applicable
Other Office Software
Bulletin Identifier
Bulletin 1
Bulletin 10
Bulletin 11
Aggregate Severity Rating
Critical
None
None
Microsoft Office Compatibility Pack Service Pack 3
Microsoft Office Compatibility Pack Service Pack 3
(Critical)
Not applicable
Not applicable
Note for Bulletin 1
This bulletin spans more than one software category. See the other tables in this section for additional affected software.
Microsoft Server Software
Microsoft SharePoint Server 2013
Bulletin Identifier
Bulletin 5
Bulletin 6
Aggregate Severity Rating
None
Important
Microsoft SharePoint Server 2013
Not applicable
Microsoft SharePoint Server 2013
(Important)
Microsoft Exchange Server 2007
Bulletin Identifier
Bulletin 5
Bulletin 6
Aggregate Severity Rating
Critical
None
Microsoft Exchange Server 2007 Service Pack 3
Microsoft Exchange Server 2007 Service Pack 3
(Critical)
Not applicable
Microsoft Exchange Server 2010
Bulletin Identifier
Bulletin 5
Bulletin 6
Aggregate Severity Rating
Critical
None
Microsoft Exchange Server 2010 Service Pack 2
Microsoft Exchange Server 2010 Service Pack 2
(Critical)
Not applicable
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2010 Service Pack 3
(Critical)
Not applicable
Microsoft Exchange Server 2013
Bulletin Identifier
Bulletin 5
Bulletin 6
Aggregate Severity Rating
Critical
None
Microsoft Exchange Server 2013 Cumulative Update 2
Microsoft Exchange Server 2013 Cumulative Update 2
(Critical)
Not applicable
Microsoft Exchange Server 2013 Cumulative Update 3
Microsoft Exchange Server 2013 Cumulative Update 3
(Critical)
Not applicable
Note for Bulletin 6
This bulletin spans more than one software category. See the other tables in this section for additional affected software.
Microsoft Office Services and Web Apps
Microsoft SharePoint Server 2010
Bulletin Identifier
Bulletin 6
Aggregate Severity Rating
Important
Microsoft SharePoint Server 2010 Service Pack 1
Microsoft Business Productivity Servers
(Important)
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Business Productivity Servers
(Important)
Microsoft SharePoint Server 2013
Bulletin Identifier
Bulletin 6
Aggregate Severity Rating
Important
Microsoft SharePoint Server 2013
Microsoft Business Productivity Servers
(Important)
Excel Services
(Important)
Microsoft Office Web Apps 2013
Bulletin Identifier
Bulletin 6
Aggregate Severity Rating
Important
Microsoft Office Web Apps 2013
Microsoft Office Web Apps Server 2013
(Important)
Note for Bulletin 6
This bulletin spans more than one software category. See the other tables in this section for additional affected software.
Microsoft Communication Platforms and Software
Microsoft Lync 2010
Bulletin Identifier
Bulletin 1
Aggregate Severity Rating
Important
Microsoft Lync 2010 (32-bit)
Microsoft Lync 2010 (32-bit)
(Important)
Microsoft Lync 2010 (64-bit)
Microsoft Lync 2010 (64-bit)
(Important)
Microsoft Lync 2010 Attendee
(user level install)
Microsoft Lync 2010 Attendee
(user level install)
(Important)
Microsoft Lync 2010 Attendee
(admin level install)
Microsoft Lync 2010 Attendee
(admin level install)
(Important)
Microsoft Lync 2013
Bulletin Identifier
Bulletin 1
Aggregate Severity Rating
Important
Microsoft Lync 2013 (32-bit)
Microsoft Lync 2013 (32-bit)
(Important)
Microsoft Lync Basic 2013 (32-bit)
Microsoft Lync Basic 2013 (32-bit)
(Important)
Microsoft Lync 2013 (64-bit)
Microsoft Lync 2013 (64-bit)
(Important)
Microsoft Lync Basic 2013 (64-bit)
Microsoft Lync Basic 2013 (64-bit)
(Important)
Note for Bulletin 1
This bulletin spans more than one software category. See the other tables in this section for additional affected software.
Microsoft Developer Tools and Software
ASP.NET SignalR
Bulletin Identifier
Bulletin 9
Aggregate Severity Rating
Important
ASP.NET SignalR
ASP.NET SignalR
(Important)
Microsoft Visual Studio Team Foundation Server
Bulletin Identifier
Bulletin 9
Aggregate Severity Rating
Important
Microsoft Visual Studio Team Foundation Server 2013
Microsoft Visual Studio Team Foundation Server 2013
(Important)
About Advanced Network Consulting:
Does the thought of upgrading your company’s technology seem daunting? Not sure where to start? Advanced Network Consulting can help. Our Microsoft and Cisco Certified technicians have many years of hands-on experience assisting real estate, escrow and mortgage offices, trucking companies, manufacturers, law firms, dental offices, nonprofits, and many other types of businesses. We have accomplished everything from cabling a newly built in office and integrating all its new technology, to doing complex server upgrades and migrations for multiple locations. Our technicians provide professional, expert design and direction customized for your business’ want and goals. For new and prospective clients, we offer a complimentary onsite technology meeting. To schedule an appointment, simply call 562.903.3992. We look forward to added prosperity of your business.
ASP.NET SignalR
Bulletin Identifier
Bulletin 9
Aggregate Severity Rating
Important
ASP.NET SignalR
ASP.NET SignalR
(Important)
Microsoft Visual Studio Team Foundation Server
Bulletin Identifier
Bulletin 9
Aggregate Severity Rating
Important
Microsoft Visual Studio Team Foundation Server 2013
Microsoft Visual Studio Team Foundation Server 2013
(Important)