Microsoft Security Bulletin Advance Notification for December 2013

Published: Thursday, December 05, 2013

Version: 1.0

This is an advance notification of security bulletins that Microsoft is intending to release on December 10, 2013.

This bulletin advance notification will be replaced with the December bulletin summary on December 10, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on December 11, 2013, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Bulletin Information

Executive Summaries

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.

The following table summarizes the security bulletins for this month in order of severity.

For details on affected software, see the next section, Affected Software.

Bulletin ID	Maximum Severity Rating and Vulnerability Impact	Restart Requirement	Affected Software
Bulletin 1	Critical Remote Code Execution	Requires restart	Microsoft Windows, Microsoft Office, Microsoft Lync
Bulletin 2	Critical Remote Code Execution	Requires restart	Microsoft Windows, Internet Explorer
Bulletin 3	Critical Remote Code Execution	Requires restart	Microsoft Windows
Bulletin 4	Critical Remote Code Execution	May require restart	Microsoft Windows
Bulletin 5	Critical Remote Code Execution	Does not require restart	Microsoft Exchange
Bulletin 6	Important Remote Code Execution	May require restart	Microsoft Office, Microsoft Server Software
Bulletin 7	Important Elevation of Privilege	Requires restart	Microsoft Windows
Bulletin 8	Important Elevation of Privilege	Requires restart	Microsoft Windows
Bulletin 9	Important Elevation of Privilege	Does not require restart	Microsoft Developer Tools
Bulletin 10	Important Information Disclosure	May require restart	Microsoft Office
Bulletin 11	Important Security Feature Bypass	May require restart	Microsoft Office

Affected Software

The following tables list the bulletins in order of major software category and severity.

How do I use these tables?

Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation. If a software program or component is listed, then the severity rating of the security update is also listed.

Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system.