{"id":144865,"date":"2013-12-11T01:10:00","date_gmt":"2013-12-11T00:10:00","guid":{"rendered":"http:\/\/www.borncity.com\/blog\/?p=144865"},"modified":"2022-09-28T14:56:29","modified_gmt":"2022-09-28T12:56:29","slug":"microsoft-security-bulletin-december-2013","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2013\/12\/11\/microsoft-security-bulletin-december-2013\/","title":{"rendered":"Patch Day: Microsoft Security Bulletin December 2013 &#8211; Adobe patches too"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border: 0px;\" title=\"win7\" alt=\"win7\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2012\/03\/win7_thumb1.jpg\" width=\"44\" height=\"42\" align=\"left\" border=\"0\" \/> Microsoft has once again published a security bulletin for the December patch day with information on the vulnerabilities being closed in Windows, Office, Lync, Internet Explorer, Exchange, SharePoint and ASP.NET. \u00a0Of the 11 patches, 5 are rated critical.\u00a0Adobe has also been busy patching again.<\/p>\n<p><!--more--><\/p>\n<h3>Patch day at Microsoft<\/h3>\n<p>Details on the December patch day can be found on <a href=\"http:\/\/technet.microsoft.com\/en-us\/security\/bulletin\/ms13-dec\" target=\"_blank\" rel=\"noopener\">this website<\/a>. 
In total, Microsoft is releasing 11 patches that close numerous vulnerabilities in Windows, Office, Lync, Internet Explorer, Exchange, SharePoint and ASP.NET.<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=344108\" target=\"_blank\" rel=\"noopener\">MS13-096<\/a>: <strong>Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution <\/strong><strong>(2908005<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves a publicly disclosed vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerability could allow remote code execution if a user views content that contains specially crafted TIFF files.<br \/>\nCritical Remote Code Execution &#8211; May require restart<br \/>\nMicrosoft Windows, Microsoft Office, Microsoft Lync<\/p>\n<blockquote><p>Note: This patch closes the TIFF vulnerability that I <a href=\"https:\/\/borncity.com\/blog\/2013\/11\/06\/sicherheitslcke-in-windows-vista-server-2008-office-2003-2010-und-lync\/\">already addressed here<\/a>.<\/p><\/blockquote>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=344111\">MS13-097<\/a>: <strong>Cumulative Security Update for Internet Explorer (2898785<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.<br \/>\nCritical &#8211; Remote Code Execution &#8211; Requires restart<br \/>\nMicrosoft Windows, Internet Explorer<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=325389\">MS13-098<\/a>: <strong>Vulnerability in Windows <\/strong><strong>Could Allow Remote Code Execution (2893294<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.<br \/>\nCritical &#8211; Remote Code Execution &#8211; Requires restart<br \/>\nMicrosoft Windows<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=344112\">MS13-099<\/a>: <strong>Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)<\/strong><strong> <\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker convinces a user to visit a specially crafted website or a website that hosts specially crafted content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.<br \/>\nCritical &#8211; Remote Code Execution &#8211; May require restart<br \/>\nMicrosoft Windows<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=329830\">MS13-105<\/a>: <strong>Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution <\/strong><strong>(<\/strong><strong>2915705<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves three publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft Exchange Server. The most severe of these vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. These vulnerabilities could allow remote code execution in the security context of the LocalService account if an attacker sends an email message containing a specially crafted file to a user on an affected Exchange server. The LocalService account has minimum privileges on the local system and presents anonymous credentials on the network.<br \/>\nCritical &#8211; Remote Code Execution &#8211; Does not require restart &#8211; Microsoft Exchange<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=329771\">MS13-100<\/a>: <strong>Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2904244)<\/strong><strong> <\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves multiple privately reported vulnerabilities in Microsoft Office server software. These vulnerabilities could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server. 
An attacker who successfully exploited these vulnerabilities could run arbitrary code in the security context of the W3WP service account on the target SharePoint site.<br \/>\nImportant &#8211; Remote Code Execution &#8211; May require restart<br \/>\nMicrosoft SharePoint<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=325387\">MS13-101<\/a>: <strong>Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege <\/strong><strong>(2880430<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves five privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.<br \/>\nImportant &#8211; Elevation of Privilege &#8211; Requires restart<br \/>\nMicrosoft Windows<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkId=344110\">MS13-102<\/a>: <strong>Vulnerability in LRPC Client Could Allow Elevation of Privilege<\/strong><strong> (<\/strong><strong>2898715<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client. An attacker who successfully exploited the vulnerability could then install programs; view, change, or delete data; or create new accounts with full administrator rights. 
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.<br \/>\nImportant &#8211; Elevation of Privilege &#8211; Requires restart<br \/>\nMicrosoft Windows<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=329969\">MS13-103<\/a>: <strong>Vulnerability in <\/strong><strong>ASP.NET <\/strong><strong>SignalR<\/strong><strong> Could A<\/strong><strong>llow Elevation of Privilege (2905244<\/strong><strong>)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves a privately reported vulnerability in ASP.NET SignalR. The vulnerability could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.<br \/>\nImportant &#8211; Elevation of Privilege &#8211; Does not require restart<br \/>\nMicrosoft Developer Tools<\/p>\n<p>MS13-104: <strong>Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)<\/strong><strong> <\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves one privately reported vulnerability<strong> <\/strong>in Microsoft Office that could allow information disclosure if a user attempts to open an Office file hosted on a malicious website. 
An attacker who successfully exploited this vulnerability could ascertain access tokens used to authenticate the current user on a targeted SharePoint or other Microsoft Office server site.<br \/>\nImportant &#8211; Information Disclosure &#8211; May require restart<br \/>\nMicrosoft Office<\/p>\n<p><a href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=329967\">MS13-106<\/a>: <strong>Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature <\/strong><strong>Bypass <\/strong><strong>(2905238)<\/strong><strong><br \/>\n<\/strong><strong><br \/>\n<\/strong>This security update resolves one publicly disclosed vulnerability<strong> <\/strong>in a Microsoft Office shared component that is currently being exploited. The vulnerability could allow security feature bypass if a user views a specially crafted webpage in a web browser capable of instantiating COM components, such as Internet Explorer. In a web-browsing attack scenario, an attacker who successfully exploited this vulnerability could bypass the Address Space Layout Randomization (ASLR) security feature, which helps protect users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code.<br \/>\nImportant &#8211; Security Feature Bypass &#8211; May require restart<br \/>\nMicrosoft Office<\/p>\n<h3><span style=\"color: #000000; font-size: 1.4em; line-height: 1.5em;\">Adobe is patching too<\/span><\/h3>\n<p>Adobe also held its patch day on 10 December 2013. 
According to <a href=\"http:\/\/www.heise.de\/newsticker\/meldung\/Patchday-Microsoft-und-Adobe-schliessen-kritische-Luecken-2063843.html\" target=\"_blank\" rel=\"noopener\">heise.de<\/a>,\u00a0Adobe released new versions of Flash, Shockwave and AIR.\u00a0For Flash, versions 11.9.900.170 for Windows and Mac and 11.2.202.332 for Linux fix vulnerabilities. The same applies to\u00a0Shockwave version 12.0.7.148. Some additional notes can be found <a href=\"http:\/\/www.heise.de\/newsticker\/meldung\/Patchday-Microsoft-und-Adobe-schliessen-kritische-Luecken-2063843.html\" target=\"_blank\" rel=\"noopener\">here at heise.de<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has once again published a security bulletin for the December patch day with information on the vulnerabilities being closed in Windows, Office, Lync, Internet Explorer, Exchange, SharePoint and ASP.NET. \u00a0Of the 11 patches, 5 are rated critical.\u00a0Adobe has also &hellip; <a href=\"https:\/\/borncity.com\/blog\/2013\/12\/11\/microsoft-security-bulletin-december-2013\/\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[185],"tags":[],"class_list":["post-144865","post","type-post","status-publish","format-standard","hentry","category-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/144865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=144865"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/144865\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=144865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=144865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=144865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}