ID: IRCNE2013122041
Date: 2013-12-11
According to "zdnet", Microsoft released 11 security bulletins fixing 24 vulnerabilities in Windows, Windows Server, Exchange Server, Microsoft SharePoint Server, Office Web Apps, Lync, ASP.NET SignalR, and Visual Studio Team Foundation Server 2013. Five of the bulletins address at least one vulnerability rated Critical. Another recently-reported zero-day was not fixed.
Microsoft says that four of the bulletins (MS13-096, MS13-098, MS13-104 and MS13-106) contain a vulnerability which is being exploited in the wild.
- MS13-096: Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2908005).
- MS13-097: Cumulative Security Update for Internet Explorer (2898785) — Seven vulnerabilities, five of them rated critical, are fixed in the latest cumulative update.
- MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294).
- MS13-099: Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158).
- MS13-100: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244).
- MS13-101: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430).
- MS13-102: Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715).
- MS13-103: Vulnerability in ASP.NET SignalR Could Allow Elevation of Privilege (2905244).
- MS13-104: Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976).
- MS13-105: Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2915705).
- MS13-106: Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238).
Related Links:
Microsoft likely to patch zero-day next week
- 2