Ms13-099

Security update file name For all supported 32-bit editions of Windows 7: Windows6.1-KB2876331-x86.msu For all supported x64-based editions of Windows 7: Windows6.1-KB2876331-x64.msu

Other Information Microsoft Active Protections Program (MAPP) To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Does this update contain any security-related changes to functionality? Yes. Customers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. https://technet.microsoft.com/en-us/library/security/ms13-089.aspx

Ms13-099

V3.0 (August 19, 2013): Rereleased bulletin to announce the reoffering of the 2843638 update for Active Directory Federation Services 2.0 on Windows Server 2008 and Windows Server 2008 R2. To determine the support life cycle for your software version or edition, visit the Microsoft Support Lifecycle website. Click Local intranet, and then click Custom Level. Windows Vista (all editions) Reference table The following table contains the security update information for this software.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. I am running Internet Explorer for Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Removal information To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed Kb2893294 By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known

File information See Microsoft Knowledge Base Article 2876331 Registry key verification Note A registry key does not exist to validate the presence Ms13-090 If prompted to initiate a print preview, select No or Cancel. V1.3 (October 10, 2013): Bulletin revised to remove CVE-2013-3871 from the vulnerabilities addressed by this update. Security update file name For Active Directory Federation Services 1.x on all supported x64-based editions of Windows Server 2008 R2: Windows6.1-KB2868846-x64.msu For Active Directory Federation Services 2.0 on all supported x64-based editions

What causes the vulnerability? The vulnerability is caused by a memory corruption that occurs when a Windows Write (.wri) file that contains a specially crafted image is opened in WordPad. Kb2900986 This will allow you to continue to use trusted websites exactly as you do today, while helping to protect you from this attack on untrusted sites. Repeat these steps for each site that you want to add to the zone. To disable these panes in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, perform the following steps: Open Windows Explorer, click Organize, and then click Layout.

Ms13-090

Removal information To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under Windows Update, click View installed For more information about EMET, see The Enhanced Mitigation Experience Toolkit. Ms13-099 For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871. Ms13-097 This effectively prevents exploitation of the issue.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. We recommend that you add only sites that you trust to the Trusted sites zone. See the FAQ section for these vulnerabilities for more information about Internet Explorer Enhanced Security Configuration. When the installations are complete, customers will see both updates 2843639 and 2843638 in the list of installed updates. Kb2892074

Removal information To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under See also, An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on affected Windows clients and What might an attacker use the vulnerabilities to do? An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.

An attacker could exploit the vulnerability by constructing a specially crafted webpage that could allow information disclosure if a user viewed the webpage. Kb2912390 In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.

The security update addresses these vulnerabilities by correcting the way that Windows handles specially crafted OpenType Font files and specially crafted TrueType Font (TTF) files, and by correcting the way that

Under Security level for this zone, move the slider to High. What causes the vulnerabilities? The vulnerabilities are caused when Internet Explorer fails to properly validate permissions, which can allow an attacker to gain elevation of privilege. For more information about EMET, see The Enhanced Mitigation Experience Toolkit. Kb2883200 An attacker could then attempt logons from outside the corporate network, which would result in account lockout of the service account used by AD FS if an account lockout policy has

File Information See Microsoft Knowledge Base Article 2876331 Other Information Acknowledgments Microsoft thanks the following for working with us to help protect customers: Hossein Lotfi of Secunia Research for reporting the In the Select a web content zone to specify its current security settings box, click Trusted Sites, and then click Sites. The links provided point to pages on the vendors' websites. File information See Microsoft Knowledge Base Article 2893294 Registry key verification Note A registry key does not exist to validate the presence of this update.   Windows Server 2008 (all editions)

When WordPad parses the Windows Write file, the Windows Graphics Device Interface improperly processes the specially crafted image, which causes the memory corruption.