Microsoft: May 2013 Patch Tuesday Fixes 33 Vulerabilites, Rolls out UEFI Firmware Updates

Microsoft fixes 33 vulnerabilitiess in IE, Windows, Office, Server/Tools, .NET. Rolls out updates for Surface Pro and Surface RT as part of Patch Tuesday.

Microsoft is now ready to abandon the traditional "service pack" starting with the upcoming Windows 8.1, as the Tami Reller during the JP Morgan Technology & Media Conference in Boston, said that "Windows 8.1 shouldn't be considered a service pack."

"It's just a Windows 8 update," she said, suggesting that the first major Windows 8 makeover could also mark the end of the service pack.

Brandon LeBlanc also confirms the no service packs plan stating that "You'll immediately benefit from continual updates - whether it's from app updates through the Windows Store, performance updates through Windows Update or the Windows 8.1 update later this year."

Also, today, as part of the Patch Tuesday, the company has released 10 securtiy bulletins, "addressing 33 vulnerabilitiess in Internet Explorer, Windows, Office, Server and Tools, and .NET Framework."

Microsoft also notes, that going forward, "customers will be able to clearly identify key security updates within advisories." For further details, visit Knowledge Base article 2849195.

MS13-037 for Internet Explorer rated critical addresses remote code execution vulnerability on all IE versions.

MS13-038 for Internet Explorer 8 addresses the zero-day flaw that allowed cybercriminals to exploit unpatched systems through compromised websites.

MS13-039 vulnerability in HTTP.sys resolves "Denial of Service" issue in Microsoft Windows server or client. "The security update is rated Important for supported editions of Windows 8 and Windows Server 2012," MSRC stated.

The updates will be pushed through the WSUS, or you can download the security release ISO Image May 2013 here

Also, today, Surface Pro received a new firmware update, and packs three major firmware and performance improvements.

UEFI firmware update enables the PXE boot feature on both Intel-based Pro and ARM-based RT models. "This feature is only available when using the Surface Pro Ethernet Adapter due to the UEFI integration needed to implement PXE boot," reads the release notes.

In addition, the firmware update also improves "Trackpad Settings Driver for Surface Type Cover" to enable interaction with the Trackpad Settings app for Japanese customers.

Microsoft also mad improvements in Wi-Fi connectivity and stability have also been implemented.

Here's a full list of what's available for both Surfaces RT and Surface Pro:

For Surface Pro:

  • UEFI firmware update enables the PXE boot feature. (This feature is only available when using the Surface Pro Ethernet Adapter)
  • Trackpad Settings driver for Surface Type Cover to enable interaction with the Trackpad Settings app for Japanese customers
  • Continued improvement in Wi-Fi connectivity and stability

For Surface RT:

  • UEFI firmware update that enhances Surface RT speaker volume and improves system stability
  • Driver pack that improves performance and works with the updated UEFI firmware to enhance Surface RT speaker volume
  • Trackpad Settings driver for Surface Type Cover to enable interaction with the Trackpad Settings app for Japanese customers

Surface users can proactively grab the new updates using this process.

In other Microsoft products update today, Office 2013 gets "Audit and Control Management Server (ACM)," and "Discovery and Risk Assessment."

With this release, the new Office suite has 5 features designed to help you manage the use of Excel spreadsheets and Access databases that include: "Audit and Control Management Server (new); Discovery and Risk Assessment (new); Spreadsheet Inquire; Spreadsheet Compare; and Database Compare."

With these 5 new applications, Office 2013 now offer much-needed tools to help organizations begin to gain control of their EUCs:

  • "Now, you can find and assess the complexity and risk of your EUCs using Microsoft Office 2013's Discovery and Risk Assessment.
  • End users, auditors, spreadsheet developers, and analysts now have a powerful analytical tools for spreadsheets with the introduction of Spreadsheet Inquire.
  • Anyone can quickly and easily determine differences between any 2 spreadsheets by using Spreadsheet Compare, and likewise for Access databases with Database Compare.
  • And, to round out the suite of EUC control applications, your organization can monitor and track changes down to the cell level using Audit and Control Management Server," explains Office team.

Also, Team Foundation Service "Update May 13" is now available. The improvements "aren't major" but there's a few nice things such as "some updates to UI styling with a greater use of color, some navigation improvements that include the ability to see the task board for all sprints (rather than just the current), and support for multiple Git repos per Team Project," Microsoft wrote.

It also comes with a bunch of changes to authentication code. "We're working to better support people who use multiple Microsoft Accounts (Live IDs) and working towards ultimately supporting Active Directory Federation and O365 accounts," Microsoft stated.

Check the release notes here.

Microsoft also announced that System Center Update Publisher (SCUP) 2011 now supports Windows Server 2012.

  • ""Compatibility issue - WSUS 4.0 with WSUS 3.0 (with or without Service Packs):

    Publishing to a server that runs Windows Server Update Services version 4.0 (WSUS 4.0), such as Windows Server 2012 should be performed from a server that runs Windows Server 2012 or a computer that runs Windows 8 and Remote Server Administration Tools. You cannot publish to a WSUS 4.0 server from a server that runs any version of WSUS 3.0 due to an incompatibility between WSUS 4.0 and WSUS 3.0, as it results in the error "WSUS version mismatch error".

  • WSUS administrator must be a member of the local administrators group of the System Center Update Publisher 2011 Server to use and publish updates to Windows Server 2012. You can find a work-around for this here," explains Microsoft.

msnNOW for Firefox is now generally available as of may 14, and allows you to see what's trending across the web on msnNOW in a convenient sidebar view within the Firefox browser*.

If you use Firefox, you can go to​​now-for-firefox and enable it in your browser.

Or, download Firefox with MSN optimized.

Update 05/18: For those who couldn't attend the live webcast, here is the May 2013 Security Bulletin Webcast Questions & Answers video:

However, a new data from Microsoft shows the relative prevalence of viruses trending upward. According to Microsoft Director of Trustworthy Computing Tim Rains, it's rare to see viruses detected in more than 5 percent the world's computer systems.

"The prevalence worldwide for the virus threat category was 7.8 percent in the fourth quarter of 2012 (4Q12)," Rains wrote in a Thursday post over on the Microsoft Security Blog. "Locations with high levels of viruses included Pakistan (viruses found on 44 percent of systems with detections), Indonesia (40 percent), Ethiopia (40 percent), Bangladesh (38 percent), Somalia (37 percent), Egypt (36 percent) and Afghanistan (35 percent)," writes Rains.