«

»

Microsoft Security Bulletin Advance Notification for December 2013

Microsoft Security Bulletin Advance Notification for December 2013

Published:

Version: 1.0

This is an advance notification of security bulletins that Microsoft is intending to release on December 10, 2013.

This bulletin advance notification will be replaced with the December bulletin summary on December 10, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the security bulletins on December 11, 2013, at 11:00 AM Pacific Time (US & Canada). Register now for the December Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Bulletin Information

Executive Summaries

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.

The following table summarizes the security bulletins for this month in order of severity.

For details on affected software, see the next section, Affected Software.

Bulletin ID Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software
Bulletin 1 Critical
Remote Code Execution
Requires restart Microsoft Windows,
Microsoft Office,
Microsoft Lync
Bulletin 2 Critical
Remote Code Execution
Requires restart Microsoft Windows,
Internet Explorer
Bulletin 3 Critical
Remote Code Execution
Requires restart Microsoft Windows
Bulletin 4 Critical
Remote Code Execution
May require restart Microsoft Windows
Bulletin 5 Critical
Remote Code Execution
Does not require restart Microsoft Exchange
Bulletin 6 Important
Remote Code Execution
May require restart Microsoft Office,
Microsoft Server Software
Bulletin 7 Important
Elevation of Privilege
Requires restart Microsoft Windows
Bulletin 8 Important
Elevation of Privilege
Requires restart Microsoft Windows
Bulletin 9 Important
Elevation of Privilege
Does not require restart Microsoft Developer Tools
Bulletin 10 Important
Information Disclosure
May require restart Microsoft Office
Bulletin 11 Important
Security Feature Bypass
May require restart Microsoft Office

Affected Software

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier.

The following tables list the bulletins in order of major software category and severity.

How do I use these tables?

Use these tables to learn about the security updates that you may need to install. You should review each software program or component listed to see whether any security updates pertain to your installation. If a software program or component is listed, then the severity rating of the security update is also listed.

Note You may have to install several security updates for a single vulnerability. Review the whole column for each bulletin identifier that is listed to verify the updates that you have to install, based on the programs or components that you have installed on your system.

Windows Operating System and Components
Windows XP
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Critical Critical Critical Important Important
Windows XP Service Pack 3 Not applicable Internet Explorer 6
(Critical)

Internet Explorer 7
(Critical)

Internet Explorer 8
(Critical)

Windows XP Service Pack 3
(Critical)
Windows XP Service Pack 3
(Critical)
Windows XP Service Pack 3
(Important)
Windows XP Service Pack 3
(Important)
Windows XP Professional x64 Edition Service Pack 2 Not applicable Internet Explorer 6
(Critical)

Internet Explorer 7
(Critical)

Internet Explorer 8
(Critical)

Windows XP Professional x64 Edition Service Pack 2
(Critical)
Windows XP Professional x64 Edition Service Pack 2
(Critical)
Windows XP Professional x64 Edition Service Pack 2
(Important)
Windows XP Professional x64 Edition Service Pack 2
(Important)
Windows Server 2003
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Important Critical Critical Important Important
Windows Server 2003 Service Pack 2 Not applicable Internet Explorer 6
(Moderate)

Internet Explorer 7
(Important)

Internet Explorer 8
(Important)

Windows Server 2003 Service Pack 2
(Critical)
Windows Server 2003 Service Pack 2
(Critical)
Windows Server 2003 Service Pack 2
(Important)
Windows Server 2003 Service Pack 2
(Important)
Windows Server 2003 x64 Edition Service Pack 2 Not applicable Internet Explorer 6
(Moderate)

Internet Explorer 7
(Important)

Internet Explorer 8
(Important)

Windows Server 2003 x64 Edition Service Pack 2
(Critical)
Windows Server 2003 x64 Edition Service Pack 2
(Critical)
Windows Server 2003 x64 Edition Service Pack 2
(Important)
Windows Server 2003 x64 Edition Service Pack 2
(Important)
Windows Server 2003 with SP2 for Itanium-based Systems Not applicable Internet Explorer 6
(Moderate)

Internet Explorer 7
(Important)

Windows Server 2003 with SP2 for Itanium-based Systems
(Critical)
Windows Server 2003 with SP2 for Itanium-based Systems
(Critical)
Windows Server 2003 with SP2 for Itanium-based Systems
(Important)
Windows Server 2003 with SP2 for Itanium-based Systems
(Important)
Windows Vista
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating Critical Critical Critical Critical Important None
Windows Vista Service Pack 2 Windows Vista Service Pack 2
(Critical)
Internet Explorer 7
(Critical)

Internet Explorer 8
(Critical)

Internet Explorer 9
(Critical)

Windows Vista Service Pack 2
(Critical)
Windows Vista Service Pack 2
(Critical)
Windows Vista Service Pack 2
(Important)
Not applicable
Windows Vista x64 Edition Service Pack 2 Windows Vista x64 Edition Service Pack 2
(Critical)
Internet Explorer 7
(Critical)

Internet Explorer 8
(Critical)

Internet Explorer 9
(Critical)

Windows Vista x64 Edition Service Pack 2
(Critical)
Windows Vista x64 Edition Service Pack 2
(Critical)
Windows Vista x64 Edition Service Pack 2
(Important)
Not applicable
Windows Server 2008
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating Critical Important Critical Critical Important None
Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)

Internet Explorer 8
(Important)

Internet Explorer 9
(Important)

Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2
(Important)
Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)

Internet Explorer 8
(Important)

Internet Explorer 9
(Important)

Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2
(Important)
Not applicable
Windows Server 2008 for Itanium-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Internet Explorer 7
(Important)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Critical)
Windows Server 2008 for Itanium-based Systems Service Pack 2
(Important)
Not applicable
Windows 7
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Critical Critical Critical Important None
Windows 7 for 32-bit Systems Service Pack 1 Not applicable Internet Explorer 8
(Critical)

Internet Explorer 9
(Critical)

Internet Explorer 10
(Critical)

Internet Explorer 11
(Critical)

Windows 7 for 32-bit Systems Service Pack 1
(Critical)
Windows 7 for 32-bit Systems Service Pack 1
(Critical)
Windows 7 for 32-bit Systems Service Pack 1
(Important)
Not applicable
Windows 7 for x64-based Systems Service Pack 1 Not applicable Internet Explorer 8
(Critical)

Internet Explorer 9
(Critical)

Internet Explorer 10
(Critical)

Internet Explorer 11
(Critical)

Windows 7 for x64-based Systems Service Pack 1
(Critical)
Windows 7 for x64-based Systems Service Pack 1
(Critical)
Windows 7 for x64-based Systems Service Pack 1
(Important)
Not applicable
Windows Server 2008 R2
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Important Critical Critical Important None
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Not applicable Internet Explorer 8
(Important)

Internet Explorer 9
(Important)

Internet Explorer 10
(Important)

Internet Explorer 11
(Important)

Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Important)
Not applicable
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Not applicable Internet Explorer 8
(Important)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Critical)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
(Important)
Not applicable
Windows 8 and Windows 8.1
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Critical Critical Critical Important None
Windows 8 for 32-bit Systems Not applicable Internet Explorer 10
(Critical)
Windows 8 for 32-bit Systems
(Critical)
Windows 8 for 32-bit Systems
(Critical)
Windows 8 for 32-bit Systems
(Important)
Not applicable
Windows 8 for x64-based Systems Not applicable Internet Explorer 10
(Critical)
Windows 8 for x64-based Systems
(Critical)
Windows 8 for x64-based Systems
(Critical)
Windows 8 for x64-based Systems
(Important)
Not applicable
Windows 8.1 for 32-bit Systems Not applicable Internet Explorer 11
(Critical)
Windows 8.1 for 32-bit Systems
(Critical)
Windows 8.1 for 32-bit Systems
(Critical)
Windows 8.1 for 32-bit Systems
(Moderate)
Not applicable
Windows 8.1 for x64-based Systems Not applicable Internet Explorer 11
(Critical)
Windows 8.1 for x64-based Systems
(Critical)
Windows 8.1 for x64-based Systems
(Critical)
Windows 8.1 for x64-based Systems
(Moderate)
Not applicable
Windows Server 2012 and Windows Server 2012 R2
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Important Critical Critical Important None
Windows Server 2012 Not applicable Internet Explorer 10
(Important)
Windows Server 2012
(Critical)
Windows Server 2012
(Critical)
Windows Server 2012
(Important)
Not applicable
Windows Server 2012 R2 Not applicable Internet Explorer 11
(Important)
Windows Server 2012 R2
(Critical)
Windows Server 2012 R2
(Critical)
Windows Server 2012 R2
(Moderate)
Not applicable
Windows RT and Windows RT 8.1
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating None Critical Critical Critical Important None
Windows RT Not applicable Internet Explorer 10
(Critical)
Windows RT
(Critical)
Windows RT
(Critical)
Windows RT
(Important)
Not applicable
Windows RT 8.1 Not applicable Internet Explorer 11
(Critical)
Windows RT 8.1
(Critical)
Windows RT 8.1
(Critical)
Windows RT 8.1
(Important)
Not applicable
Server Core installation option
Bulletin Identifier Bulletin 1 Bulletin 2 Bulletin 3 Bulletin 4 Bulletin 7 Bulletin 8
Aggregate Severity Rating Critical None Critical Critical Important None
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Not applicable Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Not applicable Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Critical)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Not applicable Not applicable Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Critical)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
(Important)
Not applicable
Windows Server 2012 (Server Core installation) Not applicable Not applicable Windows Server 2012 (Server Core installation)
(Critical)
Windows Server 2012 (Server Core installation)
(Critical)
Windows Server 2012 (Server Core installation)
(Moderate)
Not applicable
Windows Server 2012 R2 (Server Core installation) Not applicable Not applicable Windows Server 2012 R2 (Server Core installation)
(Critical)
Windows Server 2012 R2 (Server Core installation)
(Critical)
Windows Server 2012 R2 (Server Core installation)
(Moderate)
Not applicable

Note for Bulletin 1

This bulletin spans more than one software category. See the other tables in this section for additional affected software.

Microsoft Office Suites and Software
Microsoft Office 2003
Bulletin Identifier Bulletin 1 Bulletin 10 Bulletin 11
Aggregate Severity Rating Critical None None
Microsoft Office 2003 Service Pack 3 Microsoft Office 2003 Service Pack 3
(Critical)
Not applicable Not applicable
Microsoft Office 2007
Bulletin Identifier Bulletin 1 Bulletin 10 Bulletin 11
Aggregate Severity Rating Critical None Important
Microsoft Office 2007 Service Pack 3 Microsoft Office 2007 Service Pack 3
(Critical)
Not applicable Microsoft Office 2007 Service Pack 3
(Important)
Microsoft Office 2010
Bulletin Identifier Bulletin 1 Bulletin 10 Bulletin 11
Aggregate Severity Rating Critical None Important
Microsoft Office 2010 Service Pack 1 (32-bit editions) Microsoft Office 2010 Service Pack 1 (32-bit editions)
(Critical)
Not applicable Microsoft Office 2010 Service Pack 1 (32-bit editions)
(Important)
Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (32-bit editions)
(Critical)
Not applicable Microsoft Office 2010 Service Pack 2 (32-bit editions)
(Important)
Microsoft Office 2010 Service Pack 1 (64-bit editions) Microsoft Office 2010 Service Pack 1 (64-bit editions)
(Critical)
Not applicable Microsoft Office 2010 Service Pack 1 (64-bit editions)
(Important)
Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions)
(Critical)
Not applicable Microsoft Office 2010 Service Pack 2 (64-bit editions)
(Important)
Microsoft Office 2013
Bulletin Identifier Bulletin 1 Bulletin 10 Bulletin 11
Aggregate Severity Rating None Important None
Microsoft Office 2013 (32-bit editions) Not applicable Microsoft Office 2013 (32-bit editions)
(Important)
Not applicable
Microsoft Office 2013 (64-bit editions) Not applicable Microsoft Office 2013 (64-bit editions)
(Important)
Not applicable
Microsoft Office 2013 RT Not applicable Microsoft Office 2013 RT
(Important)
Not applicable
Other Office Software
Bulletin Identifier Bulletin 1 Bulletin 10 Bulletin 11
Aggregate Severity Rating Critical None None
Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Compatibility Pack Service Pack 3
(Critical)
Not applicable Not applicable

Note for Bulletin 1

This bulletin spans more than one software category. See the other tables in this section for additional affected software.

 

Microsoft Server Software
Microsoft SharePoint Server 2013
Bulletin Identifier Bulletin 5 Bulletin 6
Aggregate Severity Rating None Important
Microsoft SharePoint Server 2013 Not applicable Microsoft SharePoint Server 2013
(Important)
Microsoft Exchange Server 2007
Bulletin Identifier Bulletin 5 Bulletin 6
Aggregate Severity Rating Critical None
Microsoft Exchange Server 2007 Service Pack 3 Microsoft Exchange Server 2007 Service Pack 3
(Critical)
Not applicable
Microsoft Exchange Server 2010
Bulletin Identifier Bulletin 5 Bulletin 6
Aggregate Severity Rating Critical None
Microsoft Exchange Server 2010 Service Pack 2 Microsoft Exchange Server 2010 Service Pack 2
(Critical)
Not applicable
Microsoft Exchange Server 2010 Service Pack 3 Microsoft Exchange Server 2010 Service Pack 3

(Critical)
Not applicable
Microsoft Exchange Server 2013
Bulletin Identifier Bulletin 5 Bulletin 6
Aggregate Severity Rating Critical None
Microsoft Exchange Server 2013 Cumulative Update 2 Microsoft Exchange Server 2013 Cumulative Update 2
(Critical)
Not applicable
Microsoft Exchange Server 2013 Cumulative Update 3 Microsoft Exchange Server 2013 Cumulative Update 3
(Critical)
Not applicable

Note for Bulletin 6

This bulletin spans more than one software category. See the other tables in this section for additional affected software.

 

Microsoft Office Services and Web Apps
Microsoft SharePoint Server 2010
Bulletin Identifier Bulletin 6
Aggregate Severity Rating Important
Microsoft SharePoint Server 2010 Service Pack 1 Microsoft Business Productivity Servers
(Important)
Microsoft SharePoint Server 2010 Service Pack 2 Microsoft Business Productivity Servers
(Important)
Microsoft SharePoint Server 2013
Bulletin Identifier Bulletin 6
Aggregate Severity Rating Important
Microsoft SharePoint Server 2013 Microsoft Business Productivity Servers
(Important)

Excel Services
(Important)

Microsoft Office Web Apps 2013
Bulletin Identifier Bulletin 6
Aggregate Severity Rating Important
Microsoft Office Web Apps 2013 Microsoft Office Web Apps Server 2013
(Important)

Note for Bulletin 6

This bulletin spans more than one software category. See the other tables in this section for additional affected software.

Microsoft Communication Platforms and Software
Microsoft Lync 2010
Bulletin Identifier Bulletin 1
Aggregate Severity Rating Important
Microsoft Lync 2010 (32-bit) Microsoft Lync 2010 (32-bit)
(Important)
Microsoft Lync 2010 (64-bit) Microsoft Lync 2010 (64-bit)
(Important)
Microsoft Lync 2010 Attendee
(user level install)
Microsoft Lync 2010 Attendee
(user level install)
(Important)
Microsoft Lync 2010 Attendee
(admin level install)
Microsoft Lync 2010 Attendee
(admin level install)
(Important)
Microsoft Lync 2013
Bulletin Identifier Bulletin 1
Aggregate Severity Rating Important
Microsoft Lync 2013 (32-bit) Microsoft Lync 2013 (32-bit)
(Important)
Microsoft Lync Basic 2013 (32-bit) Microsoft Lync Basic 2013 (32-bit)
(Important)
Microsoft Lync 2013 (64-bit) Microsoft Lync 2013 (64-bit)
(Important)
Microsoft Lync Basic 2013 (64-bit) Microsoft Lync Basic 2013 (64-bit)
(Important)

Note for Bulletin 1

This bulletin spans more than one software category. See the other tables in this section for additional affected software.

Microsoft Developer Tools and Software
ASP.NET SignalR
Bulletin Identifier Bulletin 9
Aggregate Severity Rating Important
ASP.NET SignalR ASP.NET SignalR
(Important)
Microsoft Visual Studio Team Foundation Server
Bulletin Identifier Bulletin 9
Aggregate Severity Rating Important
Microsoft Visual Studio Team Foundation Server 2013 Microsoft Visual Studio Team Foundation Server 2013
(Important)

About Advanced Network Consulting:

Does the thought of upgrading your company’s technology seem daunting?  Not sure where to start?  Advanced Network Consulting can help.  Our Microsoft and Cisco Certified technicians have many years of hands-on experience assisting real estate, escrow and mortgage offices, trucking companies, manufacturers, law firms, dental offices, nonprofits, and many other types of businesses. We have accomplished everything from cabling a newly built in office and integrating all its new technology, to doing complex server upgrades and migrations for multiple locations.  Our technicians provide professional, expert design and direction customized for your business’ want and goals.  For new and prospective clients, we offer a complimentary onsite technology meeting.  To schedule an appointment, simply call 562.903.3992.  We look forward to added prosperity of your business.