Microsoft patches 19 flaws, including IE zero day

Microsoft patches 19 flaws, including IE zero day

Summary: All supported versions of Windows, Internet Explorer and Office are affected by various vulnerabilities, one of which is being exploited in the wild. Numerous non-security updates were also released.

SHARE:

Today Microsoft issued 8 updates fixing vulnerabilities in Microsoft Windows, Internet Explorer and Office. Among them is on that has recently been reported as exploited in the wild.

windows-update

The bulletins describing the updates:

As usual, there is a new version of the Windows Malicious Software Removal Tool. This version adds removal support for two new families of malware, W32/Napolar and Win32/Deminnix. There is also anUpdate for Root Certificates for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP (KB931125).

Microsoft also released a large number of non-security updates:

  • Update for Windows 7 and Windows Server 2008 R2 (KB2830477)—Install this update to resolve issues in Windows.
  • Language Packs for Windows 8.1 and Windows RT 8.1 (KB2839636)—Malayalam, Luxembourgish, Central Kurdish, etc.
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2882780)—
  • Update for Windows Small Business Server 2011 Essentials (KB2885313)—Install this update to resolve issues in Windows.
  • Update for Windows Home Server 2011 (KB2885314)—Install this update to resolve issues in Windows.
  • Update for Windows Storage Server 2008 R2 Essentials (KB2885315)—Install this update to resolve issues in Windows.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2887595)—Install this update to resolve issues in Windows.
  • Update for Windows 8, Windows RT, and Windows Server 2012 (KB2889784)—Install this update to resolve issues in Windows.
  • Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890140)—Install this update to resolve a set of known application compatibility issues with Windows.
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890141)—Install this update to resolve a set of known application compatibility issues with Windows.
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2890142)—Install this update to resolve issues in Windows.
  • Update for Windows 8, Windows RT, Windows Server 2012, Windows 7, and Windows Server 2008 R2 (KB2893519)—Install this update to resolve issues in Windows.
  • Dynamic Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB2897942)—Install this update to resolve a set of known application compatibility issues with Windows.
  • Dynamic Update for Windows Server 2012 R2 (KB2902816)—Install this update to resolve issues in Windows.
  • Update for Windows RT 8.1 (KB2903601)—Install this update to resolve issues in Windows.
  • Update for Windows 8.1 (KB2904594)—Install this update to resolve issues in Windows.
  • Update for Windows RT 8.1 (KB2905029)—Install this update to resolve issues in Windows.

Topics: Security, Microsoft, Windows, Windows Server

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

40 comments
Log in or register to join the discussion
  • Here we go folks

    Re-boot time
    Alan Smithie
    • Well, TWO reboot time for me!

      Seems the recent updates have been taking a looooong time to install. Even on my fairly speedy 64bit Windows 7 system, total time for download/reboot (TWO mandatory reboots) was about 50 minutes. Wish the folks at MS could figure out a way to shorten that. (And please don't tell me that I could let it run overnight - I want my system ready as soon as I arrive at my desk, and don't want to wait for the typically slow startup after logon to run; and I like to be able to advise others on speed of update installation.)
      randysmith@...
      • 25 minutes to reboot your system?

        Seriously?
        ye
      • Yep

        The second reboot is for IE 11, which bizarrely only installs after it has patched IE10. Sort out your update mechanism MS, it's becoming embarrassing.
        Alan Smithie
        • I always find it amusing

          The people who have the most trouble with Windows just happen to be the people wjho dislike Windows.

          Shocked might be a better term. >_>
          Michael Alan Goff
  • Orville Redenbacher time...

    ..big bowl full o' corn - check...
    ..ZDnet Patch Tuesday article - check...

    Gentlemen, start your flame throwers!
    daftkey
    • And don't forget....

      The custard pies.
      Alan Smithie
  • Microsoft patches 19 flaws, including IE zero day

    Right on schedule and I don't have to do anything. Luckily for me I turned on automatic updates on those Microsoft Windows computers so the users need not worry about having to install them. Everything is done for them and they won't even know they had updates.
    Loverock.Davidson
    • ..until the updates break something...

      ..like the last ones did... and the ones before that...
      daftkey
      • Exceptions don't disprove the rule.

        Reality is that over the 10 years Patch Tuesday has existed there have been very few problem patches.
        ye
    • Same here

      I just don't concern myself with them. I don't have problems with them, maybe I am the minority in that. But they seem to just install and go on. Of course your going to have some who will always have issues. Name me one OS that has zero flaws! If only that were true we would all be using it.
      JohnnyES-25227553276394558534412264934521
    • "they won't even know they had updates."

      Nonsense. There's a fairly big clue when their computer re-boots!
      1,2,3
    • Patch Tuesday's Party

      Great to have all-you-can-eat internet; the rest of us have to wait until our ISP's "Free Period" to d/l & install all this _______...
      Crashin Chris
    • and they won't even know they had updates

      unless the update crashes or reboots the computer when the user is busy with other work. I just had that happen, apparently with an automatic update to Adobe Reader. I have turned off auto-update for that program, but it could happen with Windows or any other software.
      IanRoy
  • Any idea how long Microsoft was sitting on the CVE-2013-3918 vulnerability?

    From the article:
    "MS13-090: Cumulative Security Update of ActiveX Kill Bits (2900986) (Critical)
    "This is the zero-day vulnerability that was reported being exploited in the wild. It exists in the InformationCardSigninHelper Class ActiveX control.

    According to Microsoft, this vulnerability (CVE-2013-3918) was originally reported by "ucq and Daiki Fukumori of the Cyber Defense Institute, Inc.". It's the same vulnerability used in the Internet Explorer in-the-wild exploit that FireEye blogged about in the last several days. Both FireEye and iSIGHT Partners were given credit "for working with us [Microsoft] on the InformationCardSigninHelper Vulnerability".

    More here:
    http://technet.microsoft.com/en-us/security/bulletin/MS13-090

    P.S. It would be great to hear that Microsoft was not sitting on this particular vulnerability for months.
    Rabid Howler Monkey
  • Every OS has patches

    Not making excuses because 19 is a lot. But at least Microsoft is far more upfront on documenting patches then Apple, Google or Linux. Windows has been a target for the shear numbers of computers running Windows. I'll take the updates, and go on with my day. I never find them much of a problem anymore. They usually install late at night and I get a reminder that my PC installed them. This has never been a big deal for me.
    JohnnyES-25227553276394558534412264934521
    • Yes and no

      19 seems like a lot until you realize the various sizes of them. They could have easily lumped some of them together to make it seem like less. I mean... that's what OS X patches are. They're a huge lump of patches.
      Michael Alan Goff
    • The causes?

      We all know that OS patches are for fixing some errors, but how do we know if those new patches will cause more new errors?
      SmilingGuy
      • Why more and more?

        Why MS always have many errors to fix?
        SmilingGuy
        • Everyone always has more errors to fix

          if they have a complicated piece of software.
          Michael Alan Goff