Secure it! » Alerts

OCISO Bulletin: Cryptolocker Malware

Victor Gonzalez — Mon, 16 Jun 2014 19:34:08 +0000

We want to inform you of a growing threat from Cryptolocker. Please read the FAQ below to better inform and protect yourself.

What is Cryptolocker?

Cryptolocker is malware categorized as ransomware that targets computers running Microsoft Windows. When the device is infected, it will begin encrypting your files in the background. When it finishes, it will display a window that will inform you that your files are encrypted and that you have 72 hours to pay in order to get them decrypted.

How could I become infected with Cryptolocker?

The method of delivery is usually through email messages pretending to be from a reputable organization. The message will have a zip file attachment that will contain the malware disguised as a PDF file. This is not the only avenue for infection, so also avoid opening files from untrusted sources or files that have the EXE extension.

What should I do if my computer is infected with Cryptolocker?

For devices owned by the University or that contain University data, please contact the OCISO at 956-665-7124 to understand the impact of the incident. If there is no University data involved, the owner must make the choice to either pay the ransom or lose the data.

What can I do to protect myself?

The best protection against this threat is to use good judgment when opening email attachments and avoid opening files from untrusted sources. The other thing you can do to protect your data is to have a backup. Please beware, if you have your backup service as a mounted drive, there is a great chance that it will also be encrypted. To protect your backup from this threat, don’t mount it as a drive or use a service that allows you to restore from older backups.

Related articles

US-Cert: CryptoLocker Ransomware Infections

https://www.us-cert.gov/ncas/alerts/TA13-309A

Sans OUCH!: What is Malware

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201402_en.pdf

Sophos Naked Security: CryptoLocker ransomware – see how it works, learn about prevention, cleanup and recovery

http://nakedsecurity.sophos.com/2013/10/18/CryptoLocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

Security vulnerability that might affect you (Heartbleed)

Victor Gonzalez — Tue, 22 Apr 2014 19:16:51 +0000

Recently, there was a very significant security vulnerability known as Heartbleed. Please read the information below to better inform yourself about the risks and how to protect yourself.

What is the Heartbleed vulnerability?

It is a weakness that was discovered on April 7^th, 2014, that affects some web services that use SSL to encrypt communications. In the time window between the vulnerability was discovered and remediated, a hacker might have taken advantage of this weakness to steal sensitive information from vulnerable servers.

Did this vulnerability affect UTPA servers?

Some web servers were affected by this vulnerability and we immediately responded to the threat. None of our systems hosting student or employee data were at risk.

Why should I be concerned?

There could be web services that you are using from your computer or mobile device that may be or may have been vulnerable.
There are also phishing attempts from people taking advantage of the circumstances to attempt to steal your username and password.

What can I do to protect myself?

Change your passwords on the websites that you know were vulnerable and have dealt with the vulnerability. Reference the related article below for resources that could help you identify sites that were or are still vulnerable.
Do not click on hyperlinks inside email messages telling you to click to change your username and password because of this vulnerability.
Use a different password for each website registration, use strong passwords and enable two-step verification for websites that support it.

Related Articles

Sans OUCH! Heartbleed – Why Do I Care?

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf

Security Bulletins for February 2014

Victor Gonzalez — Tue, 18 Feb 2014 14:58:31 +0000

Below is a summary of the combined security bulletins for the month of February 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, February 20th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

Important notice to computers joined to the UTPA domain: The update distribution process has recently changed. On the day that the updates are distributed, your computer will present you with a notification (see screenshot below) giving you the choice to update your computer before the deadline of 11:00pm. This will allow people to be familiar with the updates that are being installed and it will also give the opportunity for installing the updates at your convenience (this way your machine is not forcefully restarted during the evening).

: Software Update Installation Notification

Microsoft Security Updates
- MS14-005 : Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-005
  Severity : Important
- MS14-006 : Vulnerability in IPv6 Could Allow Denial of Service (2904659)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-006
  Severity : Important
- MS14-007 : Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-007
  Severity : Critical
- MS14-009 : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-009
  Severity : Important
- MS14-010 : Cumulative Security Update for Internet Explorer (2909921)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-010
  Severity : Critical
- MS14-011 : Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-011
  Severity : Critical
Microsoft Security Advisory
- KB2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
  More info: http://technet.microsoft.com/en-us/security/advisory/2862973
- KB2929825: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  More info: https://support.microsoft.com/kb/2929825
- Update MSXML 4 to SP3
  More info: http://www.microsoft.com/en-us/download/details.aspx?id=15697
Microsoft Non-Security Updates
- KB2908816: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2908816
- KB2913751: Update for Windows 7
  More info: http://support.microsoft.com/kb/2913751
- KB2917929: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2917929
- KB2919393: Update for Windows 8
  More info: http://support.microsoft.com/kb/2919393
- KB2919394: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2919394
- KB2919907: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2919907
- KB2922474: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2922474
- KB2923300: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2923300
- KB2923528: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2923528
- KB2923768: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2923768
- February 2014 Office Update Release
  More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2014/02/11/february-2014-office-updates-release.aspx
Adobe
- Update Adobe Flash Player to version 12.0.0.44
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
- Update Adobe Shockwave Player to version 12.0.9.149
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/shockwave/apsb14-06.html
- Update Adobe Air to version 4.0.0.1390
  More info: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

Security Bulletins for January 2014

Victor Gonzalez — Wed, 22 Jan 2014 17:57:39 +0000

Below is a summary of the combined security bulletins for the month of January 2014. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, January 23rd, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- MS14-001 : Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-001
  Severity : Important
- MS14-002 : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-002
  Severity : Important
- MS14-003 : Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms14-003
  Severity : Important
Microsoft Security Advisory
- KB2917500: Improperly Issued Digital Certificates Could Allow Spoofing
  More info: http://support.microsoft.com/kb/2917500
- KB2916626: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  More info: http://support.microsoft.com/kb/2916626

Microsoft Non-Security Updates
- KB2877213 : Update for Windows 8
  More info : https://support.microsoft.com/kb/2877213
- KB2911101: Update for Windows 8
  More info: http://support.microsoft.com/kb/2911101
- KB2917499: Update for Windows 8
  More info: http://support.microsoft.com/kb/2917499
- KB2913270: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2913270
- KB2911106: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2911106
- KB2902892: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2902892
- KB2883200: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2883200
- KB2884846: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2884846
- KB2760587: Definition Update for Microsoft Office 2013
  More info: http://support.microsoft.com/kb/2760587/en-US
- KB982726: Definition Update for Microsoft Office 2010
  More info: http://support.microsoft.com/kb/982726
- January 2014 Office Update Release
  More info: http://blogs.technet.com/b/office_sustained_engineering/archive/2014/01/14/january-2014-office-update.aspx
Adobe
- Update Adobe Flash Player to version 12.0.0.38
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
- Update Adobe Reader/Acrobat 11 to version 11.0.6
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
- Update Adobe Reader/Acrobat 10 to version 10.1.9
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

Security Bulletins for December 2013

Victor Gonzalez — Wed, 18 Dec 2013 15:36:41 +0000

Below is a summary of the combined security bulletins for the month of December 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, December 19th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- MS13-096 : Vulnerability in Microsoft Graphics Component Could allow Remote Code Execution (2908005)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-096
  Severity : Critical
- MS13-097 : Cumulative Security Update for Internet Explorer (2898785)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-097
  Severity : Critical
- MS13-098 : Vulnerability in Windows Could Allow Remote Code Execution (2893294)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-098
  Severity : Critical
- MS13-099 : Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-099
  Severity : Critical
- MS13-101 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2880430)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-101
  Severity : Important
- MS13-102 : Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-102
  Severity : Important
- MS13-104 : Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-104
  Severity : Important
- MS13-106 : Vulnerability in a Microsoft Office Shared Component Could Allow Security Feature Bypass (2905238)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-106
  Severity : Important
Microsoft Security Advisory
- KB2871690: Security Update for Windows 8
  More info: http://technet.microsoft.com/en-us/security/advisory/2871690
- KB2907997: Security Update for Internet Explorer Flash Player for Windows 8
  More info: http://technet.microsoft.com/en-us/security/advisory/2755801
Security Mitigations
- Deploy Microsoft Undo Fix it solution for Microsoft Security Advisory 2896666
  More info: http://technet.microsoft.com/en-us/security/advisory/2896666
- KB2907566: Update for Forefront Endpoint Protection 2010 Client
  More info: http://support.microsoft.com/kb/2907566
Microsoft Non-Security Updates
- KB2877213 : Update for Windows 8
  More info : https://support.microsoft.com/kb/2877213
- KB2899189 : Update for Microsoft Camera Codec Pack for Windows 8.1
  More info : http://support.microsoft.com/kb/2899189
- KB2899190 : Update for Microsoft Camera Codec Pack for Windows 8
  More info : http://support.microsoft.com/kb/2899190
- KB2903938 : Update for Windows 8
  More info : http://support.microsoft.com/kb/2903938
- KB2903939 : Update for Windows 8.1
  More info : http://support.microsoft.com/kb/2903939
- KB2909569 : Update for Windows 8.1
  More info : http://support.microsoft.com/kb/2909569
- KB2913320 : Update for Windows 8.1
  More info : http://support.microsoft.com/kb/2913320
- December 2013 Office Update Release
  More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2013/12/09/december-2013-office-update-release.aspx
Adobe
- Update Adobe Flash Player to version 11.9.900.170
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/flash-player/apsb13-28.html
- Update Adobe Shockwave Player to version 12.0.7.148
  Severity: Critical
  More info: http://helpx.adobe.com/security/products/flash-player/apsb13-29.html

Security Bulletins for November 2013

Victor Gonzalez — Tue, 19 Nov 2013 22:33:46 +0000

Below is a summary of the combined security bulletins for the month of November 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, November 21st, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- MS13-088 : Cumulative Security Update for Internet Explorer (2888505)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-088
  Severity : Critical
- MS13-089 : Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (2876331)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-089
  Severity : Critical
- MS13-090 : Cumulative Security Update of ActiveX Kill Bits (2900986)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-090
  Severity : Critical
- MS13-091 : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-091
  Severity : Important
- MS13-092 : Vulnerability in Hyper-V Could Allow Elevation of Privilege (2893986)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-092
  Severity : Important
- MS13-093 : Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure (2875783)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-093
  Severity : Important
- MS13-094 : Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms13-094
  Severity : Important
- MS13-095 : Vulnerability in Digital Signatures Could Allow Denial of Service (2868626)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-095
  Severity : Important
Microsoft Security Advisory
- KB2862152: Vulnerability in DirectAccess Could Allow Security Feature Bypass
  More info: http://technet.microsoft.com/en-us/security/advisory/2862152
- KB2868725: Security Update for Windows
  More info: http://technet.microsoft.com/en-us/security/advisory/2868725
- KB2880289 : Update for vulnerabilities in Adobe Flash Player in Internet Explorer
  More info : http://support.microsoft.com/kb/2898108
Microsoft Non-Security Updates
- KB931125 : Update for Root Certificates for Windows
  More info: http://support.microsoft.com/kb/931125
- KB2882780: Update for Windows 8
  More info: http://support.microsoft.com/kb/2882780
- KB2889784: Update for Windows 8
  More info: http://support.microsoft.com/kb/2889784
- KB2887595: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2887595
- KB2890141: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2890141
- KB2890142: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2890142
- KB2897942: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2897942
- KB2902816: Update for Windows 8.1
  More info: http://support.microsoft.com/kb/2902816
- KB2864366 : Update for Forefront Endpoint Protection 2010 Client
  More info : http://support.microsoft.com/kb/2864366
- KB2890573: Update for Microsoft Visual Studio 2010 Service Pack 1
  More info: http://support.microsoft.com/kb/2890573
Adobe
- Update Adobe Flash Player to version 11.9.900.152
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb13-26.html

Security Bulletins for October 2013

Victor Gonzalez — Tue, 15 Oct 2013 19:58:45 +0000

Below is a summary of the combined security bulletins for the month of October 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, October 17th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- MS13-080 : Cumulative Security Update for Internet Explorer (2879017)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-080
  Severity : Critical
- MS13-081 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-081
  Severity : Critical
- MS13-082 : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890)
  More info: http://technet.microsoft.com/en-us/security/bulletin/ms13-082
  Severity : Critical
- MS13-083 : Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-083
  Severity : Critical
- MS13-084 : Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-084
  Severity : Important
- MS13-085 : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-085
  Severity : Important
- MS13-086 : Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-086
  Severity : Important
- MS13-087 : Vulnerability in Silverlight Could Allow Information Disclosure (2890788)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-087
  Severity : Important
Microsoft Non-Security Updates
- KB2802618 : Update for Windows 8
  More info : https://support.microsoft.com/kb/2802618
- KB2869628 : Update for Windows 8
  More info : http://support.microsoft.com/kb/2869628
- KB2883201 : Update for Windows 8
  More info : http://support.microsoft.com/kb/2883201
- KB2886439 : Update for Windows 8
  More info : http://support.microsoft.com/kb/2886439

Adobe
- Update Adobe Flash Player to version 11.9.900.117
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb13-21.html
- Update Adobe Reader 11 to version 11.0.5
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb13-25.html

Security Bulletins for September 2013

Victor Gonzalez — Wed, 18 Sep 2013 21:02:07 +0000

Below is a summary of the combined security bulletins for the month of September 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, September 19, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- Microsoft Non-Security Updates
  - KB2868116 : Update for Windows
    More info : http://support.microsoft.com/kb/2868116
  - KB2871389 : Update for Windows 8
    More info : http://support.microsoft.com/kb/2871389
  - KB2871777 : Update for Windows 8
    More info : http://support.microsoft.com/kb/2871777
  - KB2876415 : Update for Windows 8
    More info : http://support.microsoft.com/kb/2876415
  - September 2013 Office Update Release
    More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2013/09/11/september-2013-office-update-release.aspx
- Microsoft Security Advisories
  - KB2880289 : Update for vulnerabilities in Adobe Flash Player in Internet Explorer 10
    More info : http://support.microsoft.com/kb/2880289
- Adobe
  - Update Adobe Flash Player to version 11.8.800.168
    Severity: Critical
    More info: http://www.adobe.com/support/security/bulletins/apsb13-21.html
  - Update Adobe Reader 10 to version 10.1.8
    Severity: Critical
    More info: http://www.adobe.com/support/security/bulletins/apsb13-22.html
  - Update Adobe Reader 11 to version 11.0.4
    Severity: Critical
    More info: http://www.adobe.com/support/security/bulletins/apsb13-22.html
  - Update Adobe Shockwave Player to version 12.0.4.144
    Severity: Critical
    More info: http://www.adobe.com/support/security/bulletins/apsb13-23.html

Security Bulletins for August 2013

Victor Gonzalez — Tue, 20 Aug 2013 21:12:54 +0000

Below is a summary of the combined security bulletins for the month of August 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, August 22nd, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- Microsoft Non-Security Updates
  - KB2862768 : Update for Windows 8
    More info : http://support.microsoft.com/kb/2862768
  - KB2862966 : An update is available that improves management of weak certificate cryptographic algorithms in Windows
    More info : http://support.microsoft.com/kb/2862966
  - KB982671 : Microsoft .NET Framework 4 for Windows
    More info: http://support.microsoft.com/kb/982671
  - KB2831312 : Update for Forefront Endpoint Protection 2010 Client
    More info : http://support.microsoft.com/kb/2831312
  - August 2013 Office Update Release
    More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2013/08/13/august-public-update.aspx

Security Bulletins for July 2013

Victor Gonzalez — Tue, 16 Jul 2013 20:09:29 +0000

Below is a summary of the combined security bulletins for the month of July 2013. Computers that are joined to the UTPA domain will receive the applicable updates automatically on Thursday, July 18th, at 11:00pm. If your computer is not a part of the UTPA domain or is not running Microsoft Windows, please make sure that it is configured to update automatically.

How to update your PC

How to update your Mac

: Software Update Installation Notification

Microsoft Security Updates
- MS13-052 : Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-052
  Severity : Critical
- MS13-053 : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-053
  Severity : Critical
- MS13-054 : Vulnerability in GDI+ Could Allow Remote Code Execution (2848295)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-054
  Severity : Critical
- MS13-055 : Cumulative Security Update for Internet Explorer (2846071)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-055
  Severity : Critical
- MS13-056 : Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-056
  Severity : Critical
- MS13-057 : Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-057
  Severity : Critical
- MS13-058 : Vulnerability in Windows Defender Could Allow Elevation of Privilege (2847927)
  More info: https://technet.microsoft.com/en-us/security/bulletin/ms13-058
  Severity : Important

Microsoft Non-Security Updates
- KB2857645 : Update for Internet Explorer Flash Player for Windows 8
  More info : http://support.microsoft.com/kb/2857645
- KB2855336 : Update for Windows 8
  More info : http://support.microsoft.com/kb/2855336
- July 2013 Office Update Release
  More info : http://blogs.technet.com/b/office_sustained_engineering/archive/2013/07/09/july-2013-office-update-release.aspx
Microsoft Security Mitigations
- Update EMET to version 4.0
  More info: http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx
Adobe
- Update Adobe Flash Player to version 11.8.800.94
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb13-17.html
- Update Adobe Shockwave Player to version 12.0.3.133
  Severity: Critical
  More info: http://www.adobe.com/support/security/bulletins/apsb13-18.html
Apple
- Security Update 2013-003
  Severity: High
  More info: http://support.apple.com/kb/HT5806