To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in Information: - 1 (877) Pin: 3959

Review of July 2013 Bulletin Release Information - Seven New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS13-052MS13-053MS13-054MS13-055MS13-056MS13-057MS NET Framework/Silverlight GDI+ Kernel-Mode Drivers Internet Explorer Windows Defender Media Format Runtime DirectShow

Bulletin Deployment Priority

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical11Remote Code ExecutionCooperatively Disclosed CVE Critical22Remote Code ExecutionPublically Disclosed CVE Important33Elevation of PrivilegeCooperatively Disclosed CVE Important33Elevation of PrivilegeCooperatively Disclosed CVE Critical22Remote Code ExecutionPublically Disclosed CVE Important33Elevation of PrivilegeCooperatively Disclosed CVE Important11Remote Code ExecutionCooperatively Disclosed Affected Products Severity levels are aggregate, please see update document for specifics:.NET Framework 2.0, 3.0, 4, 3.5, 3.5.1, and 4.5 on all supported versions of Windows Client and Windows Server; All editions of Silverlight 5, to include when installed on Mac Severity levels are aggregate, please see update document for specifics:.NET Framework 1.0 and 1.1 on all supported versions of Windows Client and Windows Server Affected ComponentsInternet Explorer Deployment Priority2 Main TargetWorkstations MS13-052: Vulnerabilities in.NET Framework and Silverlight Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder Possible Attack Vectors Web-based: An attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE ) File sharing: an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file (CVE ) Local attack: an attacker could exploit this vulnerability by running a specially crafted application to take complete control over the affected system. However, the attacker must have valid logon credentials and be able to log on locally (CVE ) Web-based: an attacker could host a website that contains a specially crafted Silverlight application designed to exploit this vulnerability and then convince a user to view the website (CVE , 3178).NET application: In a.NET application attack scenario, an attacker could modify the array data in a manner that would allow for remote code execution (CVE , 3134) Web-based: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website (CVE , 3133, 3171) This vulnerability could also be used by Windows.NET Framework applications to bypass Code Access Security (CAS) restrictions (CVE , 3133, 3171) Impact of Attack An attacker could run arbitrary code in kernel mode (CVE ) In a.NET application attack scenario, an attacker could obtain the same permissions as the currently logged-on user (CVE , 3133, 3134, 3171) In a web-browsing scenario, an attacker could execute arbitrary could on behalf of the targeted user (CVE , 3133, 3171, 3178) An attacker could take complete control of the affected system (CVE ) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs) Additional Information Installations using Server Core are affected..NET Framework 4 and.NET Framework 4 Client Profile affected MS13-052: Vulnerabilities in.NET Framework and Silverlight Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important11Elevation of PrivilegeCooperatively Disclosed CVE Important31Elevation of PrivilegeCooperatively Disclosed CVE Important31Elevation of PrivilegeCooperatively Disclosed CVE Critical11Remote Code ExecutionCooperatively Disclosed CVE ImportantNA1Elevation of PrivilegeCooperatively Disclosed CVE ModerateDenial of ServicePublically Disclosed CVE Important11Elevation of PrivilegeCooperatively Disclosed CVE Critical33Remote Code ExecutionPublically Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server Affected ComponentsKernel-Mode Drivers Deployment Priority1 Main TargetWorkstations Possible Attack Vectors Web-based attack: an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE , 3660) File sharing: an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. (CVE , 3660) Local attack: an attacker could also exploit this vulnerability by running a specially crafted application to take complete control over the affected system. The attacker must have valid logon credentials (CVE , 3660) An attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to increase privileges. (CVE , 1340, 1345, 3167, 3173) For an attacker to exploit this vulnerability, a user would have to execute a specially crafted application. (CVE ) MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder Impact of Attack An attacker could run arbitrary code in kernel mode (CVE ) An attacker could run processes in an elevated context (CVE , 1340, 1345, 3167, 3173) An attacker could cause the target system to stop responding (CVE ) In most scenarios, an attacker could achieve elevation of privilege on the target system. It is also theoretically possible, but unlikely due to memory randomization, that an attacker could achieve remote code execution (CVE ) Mitigating Factors An attacker must have valid logon credentials and be able to log on to exploit this vulnerability (CVE , 1340, 1345, 3167, 3173) Microsoft has not identified any mitigating factors for this vulnerability (CVE ) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone, which disables font download by default (CVE ) An attacker would have no way to force a user to click on a malicious link or open a malicious file (CVE ) Additional Information Installations using Server Core are affected Microsoft was aware of this vulnerability being used to achieve elevation of privilege in targeted attacks (CVE ) Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers (CVE ) MS13-053: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution ( ) (Cont’d)

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical11Remote Code ExecutionCooperatively Disclosed Affected Products All supported versions of Windows and Windows Server except for Windows Server 2008 for Itanium; Lync bit, x64 and Attendee; Lync 2013 Visual Studio.NET 2003 SP1; Office 2003, 2007, and all editions of 2010 Affected ComponentsGDI+, Journal, DirectWrite, Office, Visual Studio.NET 2003, Lync Deployment Priority2 Main TargetWorkstations Possible Attack Vectors Web based: an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. File Sharing: an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file Local attack: an attacker could also exploit this vulnerability by running a specially crafted application to take complete control over the affected system. However, the attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability in this scenario Impact of AttackAn attacker could run arbitrary code in kernel mode and take complete control of an affected system Mitigating Factors An attacker could not force a user to visit a malicious website or click on a malicious link By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone, which disables font download by default Additional Information For some versions of Windows Server, DirectWrite is not installed by default. Customers will only be offered the update on those systems if DirectWrite is installed MS13-054: Vulnerability in GDI+ Could Allow Remote Code Execution ( )

MS13-055: Cumulative Security Update for Internet Explorer ( ) CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CVE CVE Critical11Remote Code ExecutionCooperatively Disclosed CVE CVE CVE CVE CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed CVE CVE CVE CVE Critical31Remote Code ExecutionCooperatively Disclosed CVE CVE Critical21Remote Code ExecutionCooperatively Disclosed CVE CVE Critical1NARemote Code ExecutionCooperatively Disclosed CVE Important33Information DisclosureCooperatively Disclosed Affected ProductsIE6 – IE10 on all supported versions of Windows ClientIE6 – IE10 on all supported versions of Windows Server Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations

Possible Attack Vectors An attacker An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user-provided content or advertisements. (All CVEs) Impact of Attack An attacker could gain the same user rights as the current user (All CVEs except CVE ) An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone (CVE ) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional Information Installations using Server Core not affected. (All CVEs) Updates for Windows RT are only available via Windows Update Microsoft is aware of targeted attacks attempting to exploit the vulnerability described in CVE MS13-055: Cumulative Security Update for Internet Explorer ( ) Continued

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical11Remote Code ExecutionCooperatively Disclosed Affected Products All supported versions Windows and Windows Server (except Windows Server 2008 for Itanium, Windows Server 2012, and Windows RT) Affected ComponentsDirectShow Deployment Priority2 Main TargetServers Possible Attack Vectors Web-based: an attacker would have to host a web site that contains specially crafted content (GIF file) that is used to attempt to exploit this vulnerability an attacker could exploit the vulnerability by sending a specially crafted GIF file as a mail attachment and by convincing the user to open the file Impact of Attack If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. Mitigating Factors The vulnerability cannot be exploited automatically through . An attacker could not force a user to visit a malicious website or click on a malicious link Additional InformationInstallations using Server Core are not affected. MS13-056: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical22Remote Code ExecutionCooperatively Disclosed Affected Products WMFR 9, 9.5, 11 and wmv9vcm.dll (codec) installed on Windows XP; WMFR 9.5 and wmv9vcm.dll (codec) installed on Windows Server 2003, WMFR 11 and wmv9vcm.dll (codec) installed on Windows Server 2008 (except Itanium); Windows Media Player 12 on Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT Affected ComponentsWindows Media Format Runtime (WMFR) Deployment Priority2 Main TargetWorkstations Possible Attack Vectors An attacker could exploit the vulnerability by hosting a specially crafted media file on a network location and convincing a user to open the file Impact of Attack An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user Mitigating Factors The vulnerability cannot be exploited automatically through An attacker could not force a user to visit a malicious website or click on a malicious link Additional Information Windows Server 2008 installations using Server Core are not affected. This is not a supported or shipped product beyond Windows XP, the Vista/Windows Server 2008 parts of this update are to protect customers in an upgrade scenario only. MS13-057: Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA1Elevation of PrivilegeCooperatively Disclosed Affected Products Windows Defender for Windows 7 32bit and x64, Windows Defender when installed on Windows Server 2008 R2 x64 Affected ComponentsWindows Defender Deployment Priority3 Main TargetWindows 7 workstations Possible Attack Vectors To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then place a specially crafted application in a location that could be used to exploit the vulnerability Impact of Attack An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system Mitigating Factors An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users. In a Windows 7 default configuration, a user running as a standard user account does not have permissions to write files to the root directory on the system Additional InformationIf a customer is running Windows 7 but Windows Defender is disabled, this update is not required. MS13-058: Vulnerability in Windows Defender Could Allow Elevation of Privilege ( )

Microsoft Security Advisory ( ): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer Added the update to the Current Update section for all supported editions of Windows 8, Windows Server 2012, and Windows RT The update addresses the vulnerabilities described in Adobe Security bulletin APSB13-17

Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store. 3.Mac is not supported by our detection tools. 4.Microsoft Office, Visual Studio, and Lync are not serviced by Windows Update. 5.The update for Visual Studio is available thought the Download Center only.

Other Update Information

Microsoft will not add any new families to the MSRT during this release Version 5 of MSRT is now available on DLC and for Microsoft Update customers who manually check Available as a priority update through Windows Update or Microsoft Update Offered through WSUS 3.0 or as a download at:

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. Register for next month’s webcast at: