To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in Information: - 1 (877) Pin: 3959

Review of October 2013 Bulletin Release Information - Eight New Security Bulletins - One updated Security Advisory - Microsoft Windows Malicious Software Removal Tool Resources Questions and Answers: Please Submit Now - Submit Questions via Twitter #MSFTSecWebcast

Severity & Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS13-080MS13-081MS MS13-083MS13-084MS13-085MS13-086MS Internet Explorer.NET Framework Silverlight Common Controls Kernel-Mode Drivers SharePoint Word Excel

Bulletin Deployment Priority

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CVE CVE CVE CVE CVE CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed CVE Critical11Remote Code ExecutionPublicly Disclosed CVE Critical11Remote Code ExecutionCooperatively Disclosed Affected Products IE6 – IE11 on all supported versions of Windows Client (except for IE11 on Windows 7) IE6 – IE11 on all supported versions of Windows Server (except for IE11 on Windows Server 2008 R2 x64) Affected ComponentsInternet Explorer Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. (All CVEs) The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. (All CVEs) Impact of AttackAn attacker could gain the same user rights as the current user. (All CVEs) Mitigating Factors An attacker cannot force users to view the attacker-controlled content. (All CVEs) By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone. (All CVEs) By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. (All CVEs) Additional InformationInstallations using Server Core are not affected. MS13-080: Cumulative Security Update for Internet Explorer ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed CVE CriticalNA2Remote Code ExecutionCooperatively Disclosed CVE CVE CVE ImportantNA1Elevation of PrivilegeCooperatively Disclosed CVE CVE ImportantNA2Elevation of PrivilegeCooperatively Disclosed Affected ProductsAll supported versions of Windows Client and Windows Server through Windows 8 Affected ComponentsKernel-Mode Driver Deployment Priority1 Main TargetWorkstations Possible Attack Vectors An attacker could exploit the vulnerability by convincing a user to view a specially crafted font. (CVE /3894) An attacker could exploit the vulnerability by inserting a malicious USB device into the system. (CVE ) All other CVEs For an attacker to exploit this vulnerability, a user would have to execute a specially crafted application. In an attack scenario, an attacker could exploit the vulnerability by sending a specially crafted application to a user and convincing them to run it. MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution ( )

Impact of Attack CVE An attacker who successfully exploited this vulnerability could disclose info from a different App Container All other CVEs An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Mitigating Factors CVE /3894 An attacker would have no way to force users to visit specially crafted websites. An attacker would have to convince users to visit the website and open the specially crafted font CVE In a default scenario, an attacker would require physical access to exploit this vulnerability. All other CVEs An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability or convince a locally authenticated user to execute a specially crafted application. Additional Information Installations using Server Core are affected. CVE /3894 Disable Preview Pane and Details Pane in Windows Explorer CVE is shared with MS Vulnerabilities in.NET Framework Could Allow Remote Code Execution. Both updates are required to fully address this issue. MS13-081: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Critical22Remote Code ExecutionCooperatively Disclosed CVE CVE Important33Denial of ServiceCooperatively Disclosed Affected Products.NET Framework 2.0 SP2 and.NET Framework 3.5.1, on all supported versions of Windows Client and Windows Server..NET Framework 3.0,.NET Framework 3.5,.NET Framework SP1,.NET Framework 4, and.NET Framework 4.5 on all supported versions of Windows Client and Windows Server. Affected Components.NET Framework Deployment Priority2 Main Target Workstations and Servers that run.NET and/or WCF Possible Attack Vectors In a.NET application attack scenario, an attacker could host an XAML Browser Application (XBAP) containing a specially crafted OTF file on a website (CVE ) In a.NET application attack scenario, an attacker could cause an application or server to crash or become unresponsive until an administrator restarts the application or server. (CVE /3861) Impact of Attack An attacker who successfully exploited this vulnerability could execute code in the context of the logged on user. (CVE ) An attacker could cause an application or server to crash or become unresponsive until an administrator restarts the application or server. (CVE /3861) Mitigating Factors Microsoft has not identified any mitigating factors for this vulnerability. (CVE ) Affected systems do not accept and validate XML digital signatures by default. (CVE ) Affected systems do not accept and validate JSON data by default. (CVE ) Additional Information.NET Framework 4 and.NET Framework 4 Client Profile affected. CVE is shared with MS Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution. Both updates are required to fully address this issue. MS13-082: Vulnerabilities in.NET Framework Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE CriticalNA1Remote Code ExecutionCooperatively Disclosed Affected Products All supported 64-bit versions of Windows Client and Windows Server (except Windows 8.1) All supported 32-bit versions of Windows Client and Windows Server (except Windows XP and Windows 8.1) Affected ComponentsMicrosoft Common Control Library Deployment Priority1 Main TargetWeb application servers Possible Attack Vectors An attacker could exploit the vulnerability by sending a specially crafted request to an affected system. Impact of Attack An attacker who successfully exploited this vulnerability could gain the same rights as the logged on user. Mitigating Factors An attacker who successfully exploited this vulnerability could gain the same user rights as the local user Additional Information Installations using Server Core are affected. Severity ratings do not apply to 32-bit software because the known attack vectors for the vulnerability discussed in this bulletin are blocked in a default configuration. MS13-083: Vulnerabilities in Windows Common Control Library Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important12Remote Code ExecutionCooperatively Disclosed CVE ImportantNA3Elevation of PrivilegeCooperatively Disclosed Affected Products Microsoft SharePoint Server 2007, 2010 and 2013, All supported versions of Excel Services, Word Automation Services, and Web Services for SharePoint Server 2007, 2010 and 2013, Office Web Apps 2010 Affected ComponentsSharePoint Deployment Priority3 Main TargetServers where SharePoint is installed Possible Attack Vectors This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Excel software. (CVE ) An unauthenticated attacker could create a specially crafted page and then convince an authenticated SharePoint user to visit the page. (CVE ) Impact of Attack An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (CVE ) An attacker who successfully exploited this vulnerability could read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. (CVE ) Mitigating Factors An attacker would have no way to force users to open specially crafted Office files. (CVE ) Microsoft has not identified any mitigating factors for these vulnerabilities. (CVE ) Additional Information CVE is also addressed by MS Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution. Both updates are required to fully address this issue. MS13-084: Vulnerabilities in SharePoint Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important12Remote Code ExecutionCooperatively Disclosed CVE ImportantNA3Remote Code ExecutionCooperatively Disclosed Affected Products All supported versions of Microsoft Office (except 2003 SP3), Excel Viewer, and Office Compatibility Pack SP3 Affected ComponentsMicrosoft Office Deployment Priority2 Main TargetWorkstations Possible Attack Vectors This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Excel software. (CVE ) This vulnerability requires that a user open a specially crafted Office file with an affected version of Microsoft Office software. (CVE ) Impact of Attack An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (All CVEs) Mitigating Factors An attacker would have no way to force users to open specially crafted Office or Excel files. CVE is also addressed by MS Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution. Both updates are required to fully address this issue. MS13-085: Vulnerability in Microsoft Excel Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE ImportantNA1Remote Code ExecutionCooperatively Disclosed CVE ImportantNA3Remote Code ExecutionCooperatively Disclosed Affected ProductsMicrosoft Word 2003, Microsoft Word 2007, and Microsoft Office Compatibility Pack Affected ComponentsMicrosoft Word Deployment Priority2 Main TargetWorkstations Possible Attack Vectors Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. (All CVEs) Impact of Attack An attacker who successfully exploited this vulnerability could cause arbitrary code to run in the security context of the current user. (All CVEs) Mitigating Factors An attacker would have no way to force users to open specially crafted Office files. Install and configure MOICE to be the registered handler for.doc files. Use Microsoft Office File Block policy to prevent the opening of.doc and.dot binary files MS13-086: Vulnerability in Microsoft Word Could Allow Remote Code Execution ( )

CVESeverity Exploitability | Versions ImpactDisclosure LatestOlder CVE Important33Information DisclosureCooperatively Disclosed Affected Products Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac and all supported versions of Windows Client (except Windows RT) and Windows Server Affected ComponentsSilverlight Deployment Priority3 Main TargetWorkstations Possible Attack Vectors An attacker could host a website that contains a specially crafted Silverlight application designed to exploit this vulnerability and then convince a user to view the website. The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of Attack An attacker could disclose information on the local system. Mitigating Factors An attacker cannot force users to visit specially crafted websites. By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012 runs in a restricted mode that is known as Enhanced Security Configuration. Additional Information Microsoft Silverlight build , which was the current build of Microsoft Silverlight when this bulletin was first released, addresses the vulnerability and is not affected. Builds of Microsoft Silverlight prior to are affected. MS13-087: Vulnerability in Silverlight Could Allow Information Disclosure ( )

Detection & Deployment 1.The MBSA does not support detection on Windows 8, Windows RT, and Windows Server Windows RT systems only support detection and deployment from Windows Update, Microsoft Update and the Windows Store. 3.Mac is not supported by detection tools.

Other Update Information

During this release, Microsoft will increase/add detection capability for the following families in the MSRT: Win32/Shiotob - a family of trojans that monitors network activities of the affected system to steal system information and user credentials. Win32/Foidan - a family of trojans that monitors and may also change internet traffics of an affected computer. Available as a priority update through Windows Update or Microsoft Update Offered through WSUS 3.0 or as a download at:

Submit text questions using the “Ask” button. Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC blog. Register for next month’s webcast at: