
It's Microsoft Patch Tuesday: July 2013

Deb Shinder gathers the information you need to make the right deployment decision when applying Microsoft's July 2013 patches in your organization.

Is it really July already? An IT admin's mid-summer night's dream might be a month "off," with no patches to apply, but you know that's never going to happen. This Patch Tuesday is on the light side, though, with just seven security updates. However, in terms of severity, six of them are rated "critical," with the potential for exploits that could allow remote code execution. Several of these updates address vulnerabilities related to the handling of TrueType Font (TTF) files.

A bit of good news is that there are significantly fewer non-security updates released today than usual: just six of those (including the regular MSRT update).

Next month, if all goes as planned, I'll be somewhere in the Atlantic Ocean on Patch Tuesday, and I may or may not have a reliable Internet connection. Guest contributor Susan Bradley has volunteered to fill in for me here and do the August Patch Tuesday article. She is a longtime fellow MVP and patch management guru, so you'll be in good hands. See you in September!

This blog post is also available in PDF format as a TechRepublic Download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Security Patches

This month's updates affect various versions of Windows, Office, Visual Studio, Lync, Internet Explorer, and Windows Defender, as well as the .NET Framework and Silverlight. All but one may require a restart of the computer after installation.

MS13-052/KB2861561 - Vulnerabilities in .NET Framework and Silverlight

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Server 2003, 2008, 2008 R2 and 2012, including Server Core installations; Microsoft Silverlight 5 and Silverlight 5 Developer Runtime when installed on Windows clients, Windows servers and Mac systems). This update addresses seven vulnerabilities in the .NET Framework and Silverlight on all supported versions of Windows, which could allow remote code execution if a trusted application uses a particular code pattern. It is rated critical for later versions of .NET Framework and important for some earlier versions. A restart may be required after installation.

MS13-053/KB2850851 - Vulnerabilities in Windows Kernel-Mode Drivers

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 and 2012, including Server Core installations). This update is rated critical and affects all supported versions and editions of Microsoft Windows. It addresses eight vulnerabilities, based on the way Windows handles TrueType Font (TTF) files and objects in memory. An exploit could result in remote code execution if a user views shared content with embedded TTF files. A restart may be required after installation.

MS13-054/KB2848295 - Vulnerability in GDI+

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 and 2012, including Server Core installations; Microsoft Office 2003, 2007 and 2010, Visual Studio .NET 2003 and Lync 2010 and 2013). This update addresses one vulnerability in Windows, Office, Visual Studio, and Lync, which could allow remote code execution if a user views shared content that embeds TrueType Font (TTF) files. It's rated critical for Windows and Lync, and important for Office and Visual Studio. It does not affect Office 2013/2013 RT, nor Visual Studio versions 2005 and later. It also does not affect Communicator, Live Communications Server, Speech Server, Live Meeting Console, Lync 2010, Lync Web Access, or Lync for Mac 2011. A restart may be required after installation.

MS13-055/KB2846071 - Cumulative Security Update for Internet Explorer

(Internet Explorer 6, 7, 8, 9 and 10 running on all supported versions and editions of Microsoft Windows). This update addresses seventeen vulnerabilities that impact all supported versions of IE, the most severe of which could allow remote code execution upon viewing of a specially crafted web page in IE. It needs to be applied on all machines except those running Server Core installations. Rating is critical for Windows clients and moderate for Windows servers. A restart is required after installation.

MS13-056/KB2845187 - Vulnerability in Microsoft DirectShow

(Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008, 2008 R2 SP1 and 2012). This update addresses one vulnerability in the way the DirectShow component opens GIF files, which could allow remote code execution if a specially crafted GIF image file is opened. This vulnerability does not affect Windows RT, Windows Server 2008, and 2008 R2 for Itanium-based systems, or Server Core installations. A restart may be required after installation.

MS13-057/KB2847883 - Vulnerability in Windows Media Format Runtime

(Windows XP, Vista, Windows 7, Windows 8, Windows RT, Windows Server 2003, 2008, 2008 R2 SP1 and 2012). This update addresses one vulnerability in the way Windows Media Player opens certain media files, which could allow remote code execution if a specially crafted media file is opened. This vulnerability does not affect Windows Server 2008 and 2008 R2 for Itanium-based systems, or Server Core installations. A restart may be required after installation.

MS13-058/KB2847927 - Vulnerabilities in Windows Defender

(Windows 7 and Windows Server 2008 R2). This update addresses one vulnerability in Windows Defender running on Windows 7 or Windows Server 2008 R2 and the way it uses pathnames, which could allow elevation of privilege by which an attacker could take control of the system. However, the attacker must obtain valid logon credentials in order to exploit the vulnerability, thus it's rated important. No restart is required.

Other Updates/Releases

July brings us far fewer non-security updates than last month, which should come as a bit of a relief.

KB2607607 - Language packs for Windows 8 and Windows RT. New language packs are available for Windows 8/RT for the following languages: Turkmen, Maori, Kannada, Norwegian, Konkani, Irish, Maltese, Urdu, Tatar, Assamese, Bangla.

KB2829104 - Telugu characters not displayed correctly in Nirmala UI font. (Windows 7 and Windows Server 2008 R2). This update addresses a problem of incorrect character display in Word 2013 on a computer running Windows 7 or Server 2008 R2.

KB2836945 - Update for .NET Framework 2.0 SP2. (Windows Server 2008 SP2). This update resolves two issues with ASP.NET based web pages.

KB2855336 - Update Rollup. (Windows 8, Windows RT and Server 2012). This update addresses an issue that can result in SD cards no longer being detected if the system transitions between different power states, along with nineteen other issues affecting these operating systems.

KB2859541 - Update to support new camera models. (Windows 8, Windows RT). This update adds codecs to provide support for seventeen new models of cameras from Canon, Epson, Nikon, Olympus, Panasonic, Pentax and Sony.

KB890830 - Windows Malicious Software Removal Tool - July 2013 (Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008, 2008 R2, and 2012). This is the regular monthly updated version of the Malicious Software Removal Tool (MSRT).

Updates since the last Patch Tuesday

There was only one out-of-band update released since the last Patch Tuesday, which came out on June 25, and that was an update to the MSRT, which is now superseded by the July edition of the tool.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

7 comments
RNR1995

Since then I have seen 2 more failures configuring the updates at 45%: one XP box froze at 10 of 15, one 7x64 froze at the 45%. Rebooting let the updates install fine, but there seemed to be one missing from the list. All of my clients that use automatic updates installed fine. Did not track down which update caused the hiccup, and probably would not have even noted this except it was my personal PC.

RNR1995

Had 2 failures at 45% on well-kept machines

northernvirginia55

Hi all. I am a new member to Tech Republic. Quick question: my computer (HP Mini Netbook, Windows 7, 32-bit) was downloading the patches and after it was done, I restarted it (as asked, of course). I then checked Windows Update again and behold, it is asking me to download and update "Windows Malicious Software Removal Tool - KB890830" again (which I did the first time already before the restart). So now I have it in the history as having WMSRT downloaded and updated TWICE. Is that normal? Why would there be 2 updates ---> one after the other after the first bunch of patches were downloaded and the computer was restarted? I've never seen that before. Please advise. Thanks, Eve

Mark W. Kaelin moderator

Are the Microsoft patches giving you trouble this month? Maybe your peers can help - describe the problems you are having.

Gisabun

That's nice. Usually a good idea to tell "us" which patches failed so we can either look out for the problem or maybe know why they failed. And of course what OS.

jshenk

I've had KB2847927 fail - looked for malware signs and don't see any. There is another discussion about that on the MS Community site. It also seems that ever since trying, my Security Essentials is shut off and won't update, turn on or allow me to remove it. My firewall also is shut off and won't allow me to remove it. I assumed that I had some kind of malware....ran a scan and didn't find anything - of course, that's not a guarantee that something isn't on my system but I don't have any other indicators either.