Patch-Day: Microsoft schließt 24 Sicherheitslücken

Microsoft Patch Day, Windows Logo, Pflaster Bildquelle: PC Games
Wie an jedem zweiten Dienstag des Monats hat Microsoft heute seine Sicherheits-Updates veröffentlicht. Wie bereits am Donnerstag letzter Woche angekündigt, wurden nun insgesamt elf neue Sicherheitshinweise herausgegeben.
Wie üblich stehen die Updates über das Microsoft Download-Center sowie die automatische Aktualisierungsfunktion von Windows bereit. Die komfortabelste Möglichkeit stellen die von WinFuture bereit gestellten Update-Packs dar, diese werden in Kürze in aktualisierten Ausgaben zur Verfügung stehen.

Microsoft schließt mit den heute veröffentlichten Patches gleich 24 Sicherheitslücken, hat es aber bisher versäumt, die Angaben zu den elf neuen Sicherheitshinweisen in deutscher Sprache zu veröffentlichen. Vorläufig geben wir die Beschreibung der Updates deshalb hier in englischer Sprache wieder:

MS13-096 - Vulnerability in Microsoft Graphics Component
This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.

Security Bulletin: MS13-096
Knowledge Base: KB2908005




MS13-097 - Cumulative Security Update for Internet Explorer
This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

Security Bulletin: MS13-097
Knowledge Base: KB2898785




MS13-098 - Vulnerability in Windows Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

Security Bulletin: MS13-098
Knowledge Base: KB2893294




MS13-099 - Vulnerability in Microsoft Scripting Runtime Object Library
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content.

Security Bulletin: MS13-099
Knowledge Base: KB2909158




MS13-100 - Vulnerabilities in Microsoft SharePoint Server
This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server.

Security Bulletin: MS13-100
Knowledge Base: KB2904244




MS13-101 - Vulnerabilities in Windows Kernel-Mode Drivers
This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

Security Bulletin: MS13-101
Knowledge Base: KB2880430




MS13-102 - Vulnerability in LRPC Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client.

Security Bulletin: MS13-102
Knowledge Base: KB2898715




MS13-103 - Vulnerability in ASP.NET SignalR
This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.

Security Bulletin: MS13-103
Knowledge Base: KB2905244




MS13-104 - Vulnerability in Microsoft Office
This security update resolves one privately reported vulnerability in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website.

Security Bulletin: MS13-104
Knowledge Base: KB2909976




MS13-105 - Vulnerabilities in Microsoft Exchange Server
This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server.

Security Bulletin: MS13-105
Knowledge Base: KB2915705




MS13-106 - Vulnerability in a Microsoft Office Shared Component
This security update resolves one publicly disclosed vulnerability in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.

Security Bulletin: MS13-106
Knowledge Base: KB2905238


Patch-Day, Microsoft Patch Day, Windows Logo, Pflaster Patch-Day, Microsoft Patch Day, Windows Logo, Pflaster PC Games
Diese Nachricht empfehlen
Kommentieren0


Kommentar abgeben Netiquette beachten!

Jetzt als Amazon Blitzangebot

Ab 00:00 Uhr tax 2017 Professional (für Steuerjahr 2016)
tax 2017 Professional (für Steuerjahr 2016)
Original Amazon-Preis
29,99
Im Preisvergleich ab
28,99
Blitzangebot-Preis
22,99
Ersparnis zu Amazon 23% oder 7

Video-Empfehlungen

Tipp einsenden