[SECURITY-L] [US-CERT em ncas.us-cert.gov: TA13-317A: Microsoft Updates for Multiple Vulnerabilities]

CSIRT - UNICAMP security em unicamp.br
Seg Nov 18 11:48:32 -02 2013 

----- Forwarded message from US-CERT <US-CERT em ncas.us-cert.gov> -----

Date: Sat, 16 Nov 2013 06:05:23 -0600
From: US-CERT <US-CERT em ncas.us-cert.gov>
To: security em unicamp.br
Subject: TA13-317A: Microsoft Updates for Multiple Vulnerabilities

NCCIC / US-CERT

National Cyber Awareness System:

TA13-317A: Microsoft Updates for Multiple Vulnerabilities [ https://www.us-cert.gov/ncas/alerts/TA13-317A ] 11/13/2013 07:12 AM EST 
Original release date: November 13, 2013 | Last revised: November 16, 2013

Systems Affected

  * Windows Operating System and Components 
  * Microsoft Office 
  * Internet Explorer 

Overview

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities. The November Security Bulletin includes a patch for the new “watering hole” campaign which utilizes a US-based website that specializes in domestic and international security policy.

Impact

These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of service.

Solution

*Apply Updates*

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ], which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services [ http://www.us-cert.gov/redirect?url=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fwsus%2Fdefault.aspx ] (WSUS). Home users are encouraged to enable automatic updates [ http://www.us-cert.gov/redirect?url=http%3A%2F%2Fwindows.microsoft.com%2Fen-us%2Fwindows-vista%2FTurn-automatic-updating-on-or-off ].

References

  * Microsoft Security Bulletin Summary for November 2013 [ http://technet.microsoft.com/en-us/security/bulletin/ms13-nov ] 
  * Microsoft Windows Server Update Services [ http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx ] 
  * Turn Automatic Updating On or Off [ http://windows.microsoft.com/en-us/windows/turn-automatic-updating-on-off#turn-automatic-updating-on-off=windows-vista ] 

Revision History

  * November 13, 2013: Initial Release 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ] 

SUBSCRIBER SERVICES:
Manage Preferences [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true ]  |  Unsubscribe [ https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.6a6fc2cec2b9952ff27f6db27530aead&destination=security@unicamp.br ]  |  Help [ https://subscriberhelp.govdelivery.com/ ]

________________________________________________________________________

This email was sent to security em unicamp.br using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery [ http://www.govdelivery.com/portals/powered-by ]

----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L