-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0066 Title: Microsoft Security Updates - Advance Notification Version history: 09.08.2013 Initial publication Microsoft has published a number of new security updates which are planned for release on August 13, 2013. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The August 2013 Advance Notification Summary page is now live at http://technet.microsoft.com/security/bulletin/ms13-aug. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. ================================== NEW BULLETIN SUMMARY ================================== Bulletin ID: Bulletin 1 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Microsoft Windows, Internet Explorer: - Windows XP Service Pack 3 - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows XP Professional x64 Edition Service Pack 2 - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 Service Pack 2 - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 x64 Edition Service Pack 2 - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 with SP2 for Itanium-based Systems - Internet Explorer 6 - Internet Explorer 7 - Windows Vista Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Vista x64 Edition Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Server 2008 for 32-bit Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for x64-based Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Internet Explorer 7 - Windows 7 for 32-bit Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Windows 7 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Windows Server 2008 R2 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 (Windows Server 2008 R2 Server Core installation not affected) Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Internet Explorer 8 - Windows 8 for 32-bit Systems - Internet Explorer 10 - Windows 8 for 64-bit Systems - Internet Explorer 10 - Windows Server 2012 - Internet Explorer 10 (Windows Server 2012 Server Core installation not affected) - Windows RT - Internet Explorer 10 - ---------------------------- Bulletin ID: Bulletin 2 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: May require restart Affected Software: Microsoft Windows: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - ---------------------------- Bulletin ID: Bulletin 3 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: May require restart Affected Software: Microsoft Server Software: - Microsoft Exchange Server 2007 Service Pack 3 - Microsoft Exchange Server 2010 Service Pack 2 - Microsoft Exchange Server 2010 Service Pack 3 - Microsoft Exchange Server 2013 Cumulative Update 1 - Microsoft Exchange Server 2013 Cumulative Update 2 - ---------------------------- Bulletin ID: Bulletin 4 Maximum Severity Rating: Important Vulnerability Impact: Elevation of Privilege Restart Requirement: Require restart Affected Software: Microsoft Windows: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for 64-bit Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows RT - ---------------------------- Bulletin ID: Bulletin 5 Maximum Severity Rating: Important Vulnerability Impact: Elevation of Privilega Restart Requirement: Require restart Affected Software: Microsoft Windows: - Windows XP Service Pack 3 - Windows Server 2003 Service Pack 2 - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - ---------------------------- Bulletin ID: Bulletin 6 Maximum Severity Rating: Important Vulnerability Impact: Denial of service Restart Requirement: Require restart Affected Software: Microsoft Windows: - Windows Server 2012 (Windows Server 2012 Server Core installation not affected) - ---------------------------- Bulletin ID: Bulletin 7 Maximum Severity Rating: Important Vulnerability Impact: Denial of service Restart Requirement: Requires restart Affected Software: Microsoft Windows: - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for 64-bit Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows RT - ---------------------------- Bulletin ID: Bulletin 8 Maximum Severity Rating: Important Vulnerability Impact: Information disclosure Restart Requirement: May require restart Affected Software: Microsoft Windows: - Windows Server 2003 R2 Service Pack 2 - Windows Server 2003 R2 x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation not affected) - Windows Server 2012 (Windows Server 2012 Server Core installation not affected) Although changes are not anticipated, the number of bulletins, products affected, restart information, and severities are subject to change until released. Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSBMWmAAoJEPpzpNLI8SVodKoP/i3Oh36BexvZvGLvEtOqbxCm NFKd4Ki5z6u3v21UKgFIJsNTDaTcJcCsU91ShtAEkz4wrjUxEEKjdWAlsSGMSn01 k/c/glpuRULC9icDGg9sFpoi30iOGywzKv8Bzay63DW8ljjlj01dC30FAAgv/3ES JyqZDxW87rDG/HjnF4mIe/YsIQsDSop3ses1wsgtUCuRgHc54fe3+mVYWlhwF3+D WvfB8O/dJjkL0yAaKznvujq6PaxjQSteJJekAqjRo3XvEsOrhu2ylq9Umgg4Xt09 1/5CD0V2P+nHRsAT/oo+vyX0uBpoJcB/u1eye6VYbL5lAW5EYxJb/fp4U1H9A8Fr RGL/1LmCgh4QuKBkZ+ReqImdpMaZ0iPoxDcBq5VH4gol+FcUCpuhwPsvrahHljfG 8W51MciyxEG6EU/AI6aDubeWzDHdKCdhO08iGEcp+wXxov7fXTKXro3CQZwpe2Hj ho37SomyOx13qnJxb54NIbseNSHc8Airflnic42D1cSdQD6AbsX5n5k3r/1nAB2z 2jr9lntyRNvquSCoWuO5CI3LDidg/+T7L216+I2EOSSAQW2Jc0FAWVNP5bJtA7V2 uQrGcW6/3zY1Lv8qn1q10uoowFz0tyeV8kVWV15tM40+rtyzBtaCA/v63w6hWFu5 +Z7ePYSPTDttyFt8//DM =NZ8t -----END PGP SIGNATURE-----