Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. V1.1 (December 18, 2013): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes". See also the section, Detection and Deployment Tools and Guidance, later in this bulletin. To do this, perform the following steps: In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
Removal information Use Add or Remove Programs item in Control Panel or the Spuninst.exe utility located in the %Windir%\$NTUninstallKB2893294$\Spuninst folder File information See Microsoft Knowledge Base Article 2893294 Registry key verification Add sites that you trust to the Internet Explorer Trusted sites zone After you set Internet Explorer to block ActiveX controls and Active Scripting in the Internet zone and in the Live Demo Free Edition Download Now MS13-089 Bulletin Details Microsoft Security Bulletins Bulletin ID:MS13-089 TitleVulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331) Summary: This security update When this security bulletin was issued, had this vulnerability been publicly disclosed? No. https://technet.microsoft.com/en-us/library/security/ms13-089.aspx
Repeat these steps for each site that you want to add to the zone. Revisions V1.0 (August 13, 2013): Bulletin published. V1.6 (July 29, 2014): Revised bulletin to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows.
Nome do arquivo de atualização de segurança Para todas as edições baseadas em x64 com suporte do Windows Server 2008 R2:Windows6.1-KB2876331-x64.msu Para todas as edições baseadas em Itanium com suporte do This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone. These websites could contain specially crafted content that could exploit these vulnerabilities. Kb2893294 It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.
When you call, ask to speak with the local Premier Support sales manager. Ms13-090 Windows RT and Windows RT 8.1 (all editions) Reference Table The following table contains the security update information for this software. This mode mitigates these vulnerabilities. The term "Authenticode" signature refers to a digital signature format that is generated and verified using the Authenticode Signature Verification Function.
Click OK two times to accept the changes and return to Internet Explorer. Kb2900986 If you do not want to block ActiveX Controls or Active Scripting for such sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a
Click Local intranet. Informaçõessobre remoção Para desinstalar uma atualização instalada pelo WUSA, use a opção /Uninstall ou clique em Painel de Controle, Sistema e Segurança; depois clique no Windows Update, e, abaixo de Veja Ms13-099 For more information, see the subsection, Affected and Non-Affected Software, in this section. Ms13-097 Soluções alternativas A solução alternativa refere-se a uma configuração ou alteração de configuração que não corrige a vulnerabilidade subjacente mas que ajudaria a bloquear vetores de ataque conhecidos antes de aplicar
The Restricted sites zone, which disables script and ActiveX controls, helps reduce the risk of an attacker being able to use these vulnerabilities to execute malicious code. FAQ What is the scope of the vulnerability? This is an information disclosure vulnerability. Informaçõessobre remoção O WUSA.exe não oferece suporte à desinstalação de atualizações. In addition, for Internet Explorer 11 on affected Windows servers, this security update is rated Moderate. Kb2892074
Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? Removal Information Click Control Panel, click System and Security, click Windows Update, and then under See also, click Installed updates and select from the list of updates. echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\TextConv\mswrd832.cnv" /E /R everyone echo y| cacls "%ProgramFiles(x86)%\Common Files\Microsoft Shared\TextConv\mswrd832.cnv" /E /R everyone echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /R everyone echo y| cacls "%ProgramFiles %\Windows Security Advisories and Bulletins Security Bulletins 2013 2013 MS13-098 MS13-098 MS13-098 MS13-106 MS13-105 MS13-104 MS13-103 MS13-102 MS13-101 MS13-100 MS13-099 MS13-098 MS13-097 MS13-096 MS13-095 MS13-094 MS13-093 MS13-092 MS13-091 MS13-090 MS13-089 MS13-088 MS13-087
The Update Compatibility Evaluator components included with Application Compatibility Toolkit aid in streamlining the testing and validation of Windows updates against installed applications. Kb2912390 The 2876331 update is available for Windows 8.1 Preview, Windows RT 8.1 Preview, and Windows Server 2012 R2 Preview. Windows-based applications do not access the graphics hardware directly.
This documentation is archived and is not being maintained.
We recommend that you add only sites that you trust to the Trusted sites zone. What might an attacker use the vulnerability to do? The vulnerability could allow an attacker to reveal information pertaining to the service account used by AD FS. Workarounds Microsoft has not identified any workarounds for these vulnerabilities. Kb2883200 What does the update do? This update addresses the vulnerability by modifying the way that Internet Explorer handles CSS special characters.
How are Server Core installations affected by the vulnerabilities addressed in this bulletin? The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008, Windows Server 2008 R2, Support How to obtain help and support for this security update Help installing updates: Support for Microsoft Update Security solutions for IT professionals: TechNet Security Troubleshooting and Support Help protect your Why does this update address several reported security vulnerabilities? This update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files. What systems are primarily at risk from the vulnerability? This vulnerability requires that a user be logged on and visiting a website for any malicious action to occur.
Does this update contain any security-related changes to functionality? Yes. The content you requested has been removed. Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Affected Software Operating SystemComponentMaximum Security ImpactAggregate Severity RatingUpdates Replaced Internet Explorer 6 Windows XP Service Pack 3 Internet Explorer 6 (2888505)Remote Code ExecutionCritical2879017 in MS13-080 Windows XP Professional x64 Edition Service Pack
I am using an older release of the software discussed in this security bulletin. Removal i nformation For Internet Explorer 6 for all supported 32-bit editions, x64-based editions, and Itanium-based editions of Windows Server 2003:Use Add or Remove Programs item in Control Panel or the An attacker would have no way to force users to view attacker controlled content and open a specially crafted file. How could an attacker exploit the vulnerabilities ? An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to
We recommend that you add only sites that you trust to the Trusted sites zone. The content you requested has been removed. To view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2013-3128. It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.