-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0094 Title: Microsoft Advance Security Updates Version history: 06.12.2013 Initial publication Microsoft has published an advanced for a number of new security updates which will be released on December 13, 2013. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found at http://technet.microsoft.com/en-us/security/bulletin/ms13-dec. Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative. ================================== NEW BULLETIN SUMMARY ================================== Bulletin 1 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Microsoft Office 2003 Service Pack 3 - Microsoft Office 2007 Service Pack 3 - Microsoft Office 2010 Service Pack 1 (32-bit editions) - Microsoft Office 2010 Service Pack 1 (64-bit editions) - Microsoft Office 2010 Service Pack 2 (32-bit editions) - Microsoft Office 2010 Service Pack 2 (64-bit editions) - Microsoft Lync 2010 (32-bit) - Microsoft Lync 2010 (64-bit) - Microsoft Lync 2010 Attendee (user level install) - Microsoft Lync 2010 Attendee (admin level install) - Microsoft Lync 2013 (32-bit) - Microsoft Lync Basic 2013 (32-bit) - Microsoft Lync 2013 (64-bit) - Microsoft Lync Basic 2013 (64-bit) - ------------------- Bulletin 2 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: - Windows XP Service Pack 3: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows XP Professional x64 Edition Service Pack 2: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 Service Pack 2: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 x64 Edition Service Pack 2: - Internet Explorer 6 - Internet Explorer 7 - Internet Explorer 8 - Windows Server 2003 with SP2 for Itanium-based Systems: - Internet Explorer 6 - Internet Explorer 7 - Windows Vista Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Vista x64 Edition Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 - Windows Server 2008 for 32-bit Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for x64-based Systems Service Pack 2: - Internet Explorer 7 - Internet Explorer 8 - Internet Explorer 9 (Windows Server 2008 Server Core installation not affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2: - Internet Explorer 7 - Windows 7 for 32-bit Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 - Windows 7 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 - Windows Server 2008 R2 for x64-based Systems Service Pack 1: - Internet Explorer 8 - Internet Explorer 9 - Internet Explorer 10 - Internet Explorer 11 (Windows Server 2008 R2 Server Core installation not affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1: - Internet Explorer 8 - Windows 8 for 32-bit Systems: - Internet Explorer 10 - Windows 8 for x64-based Systems: - Internet Explorer 10 - Windows Server 2012: - Internet Explorer 10 (Windows Server 2012 Server Core installation not affected) - Windows RT: - Internet Explorer 10 - Windows 8.1 for 32-bit Systems: - Internet Explorer 11 - Windows 8.1 for x64-based Systems: - Internet Explorer 11 - Windows Server 2012 R2: - Internet Explorer 11 (Windows Server 2012 R2 Server Core installation not affected) - Windows RT 8.1: - Internet Explorer 11 - ------------------- Bulletin 3 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Require restart Affected Software: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - ------------------- Bulletin 4 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: May require restart Affected Software: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - ------------------- Bulletin 5 Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Does not require restart Affected Software: - Microsoft Exchange Server 2007 Service Pack 3 - Microsoft Exchange Server 2010 Service Pack 2 - Microsoft Exchange Server 2010 Service Pack 3 - Microsoft Exchange Server 2013 Cumulative Update 2 - Microsoft Exchange Server 2013 Cumulative Update 3 - ------------------- Bulletin 6 Maximum Severity Rating: Important Vulnerability Impact:Remote Code Execution Restart Requirement: May require restart Affected Software: - Microsoft Business Productivity Servers on Microsoft SharePoint Server 2010 Service Pack 1 - Microsoft Business Productivity Servers on Microsoft SharePoint Server 2010 Service Pack 2 - Microsoft SharePoint Server 2013 - Microsoft Business Productivity Servers on Microsoft SharePoint Server 2013 - Excel Services on Microsoft SharePoint Server 2013 - Microsoft Office Web Apps Server 2013 - ------------------- Bulletin 7 Maximum Severity Rating: Important Vulnerability Impact: Elevation of Privileges Restart Requirement: Requires restart Affected Software: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for x64-based Systems Service Pack 2 (Windows Server 2008 Server Core installation affected) - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Windows Server 2008 R2 Server Core installation affected) - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 (Windows Server 2012 Server Core installation affected) - Windows Server 2012 R2 (Windows Server 2012 R2 Server Core installation affected) - Windows RT - Windows RT 8.1 - ------------------- Bulletin 8 Maximum Severity Rating: Important Vulnerability Impact: Elevation of Privileges Restart Requirement: Requires restart Affected Software: - Windows XP Service Pack 3 - Windows XP Professional x64 Edition Service Pack 2 - Windows Server 2003 Service Pack 2 - Windows Server 2003 x64 Edition Service Pack 2 - Windows Server 2003 with SP2 for Itanium-based Systems - ------------------- Bulletin 9 Maximum Severity Rating: Important Vulnerability Impact: Elevation of Privileges Restart Requirement: Does not Require restart Affected Software: - ASP.NET SignalR - Microsoft Visual Studio Team Foundation Server 2013 - ------------------- Bulletin 10 Maximum Severity Rating: Important Vulnerability Impact: Information Disclosure Restart Requirement: May require restart Affected Software: - Microsoft Office 2013 (32-bit editions) - Microsoft Office 2013 (64-bit editions) - Microsoft Office 2013 RT - ------------------- Bulletin 11 Maximum Severity Rating: Important Vulnerability Impact: Security Feature Bypass Restart Requirement: May require restart Affected Software: - Microsoft Office 2007 Service Pack 3 - Microsoft Office 2010 Service Pack 1 (32-bit editions) - Microsoft Office 2010 Service Pack 1 (64-bit editions) - Microsoft Office 2010 Service Pack 2 (32-bit editions) - Microsoft Office 2010 Service Pack 2 (64-bit editions) - ------------------- Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSodTDAAoJEPpzpNLI8SVopr0P/189PzeyCoUh0rNzop/A9e9M jpcmwbT4pEeAtamRaMtYWftZywz6b+287Re+LXNFNZVkBf/LJNFAxVjlTcAqaQfe SDIKwhqDGZdv/jmRI4wUiW72NBU2xLpu+7wmSGrLnURuqvlBN4VBTmfxynSVSpHZ s29zpJqaR0jwYtjd+h67/txwgaAOXiLByce3idqoCK+pEwJieDZMs5KAxikSGUzj j3iO8n4WBb6xyIbCaQcYBGAAWbb9Hx/rb/ypP4rL9BJj2/4cWEU4hf+ZxeIGGobh 9U81iaPyjnyioixw2OnwzdLzIUFk2JkXBpXAUoHSmjoppN2J94Qi6GPgGswbl/nH 1qQdvrmgKClf6+22TTw53ZJGfb1iPIFzZLVwrbxLdywoAmCGHRhbTU7CernDc+sZ KuEwprjfJlZUhp2hBY6DL0I4txkA1vVnaPIedlV5cW6Ni1nSQDpMASe6PKi+iOXe bryE3JHKVf9HBCnHRV6o50tl7EEE3L6hjq66Bc0AYBlV1Pkp7uRvVevc0M4SoksS 2tEd8waGzsuN7cEDGkb1yiAZggRLhzBkOjn01LRsJvPxSdseU19ilGgiEknVGOt7 nw1eSAioKrZrF6twzqzf6DFOis/LDy03YfLcZQ8Q0YP1VQW4x63/ig3B51YRzS06 8wjIzN2wlqbzLg7Ahtbz =kRGE -----END PGP SIGNATURE-----