MS13-096: Vulnerability in Microsoft Graphics component could allow remote code execution: December 10, 2013

<html><body><p>Resolves a vulnerability in Microsoft Windows, Microsoft Office, and Microsoft Lync that could allow remote code execution if a user views content that contains specially crafted TIFF files.</p><h2>INTRODUCTION</h2><div>Microsoft has released security bulletin MS13-096. To view the complete security bulletin, visit one of the following Microsoft websites:<br /><ul><li>Home users:<br /><div><a href=“http://www.microsoft.com/security/pc-security/updates.aspx” target=“_self”>http://www.microsoft.com/security/pc-security/updates.aspx</a></div><span>Skip the details</span>: Download the updates for your home computer or laptop from the Microsoft Update website now:<br /><div><a href=“http://update.microsoft.com/microsoftupdate/” target=“_self”>http://update.microsoft.com/microsoftupdate/</a></div></li><li>IT professionals:<br /><div><a href=“http://technet.microsoft.com/security/bulletin/ms13-096” target=“_self”>http://technet.microsoft.com/security/bulletin/MS13-096</a></div></li></ul><h3>How to obtain help and support for this security update</h3>Help installing updates:<br /><a href=“https://support.microsoft.com/ph/6527” target=“_self”>Support for Microsoft Update</a><br /><br />Security solutions for IT professionals:<br /><a href=“http://technet.microsoft.com/security/bb980617.aspx” target=“_self”>TechNet Security Troubleshooting and Support</a><br /><br />Help protect your computer that is running Windows from viruses and malware:<br /><a href=“https://support.microsoft.com/contactus/cu_sc_virsec_master” target=“_self”>Virus Solution and Security Center</a><br /><br />Local support according to your country:<br /><a href=“https://support.microsoft.com/common/international.aspx” target=“_self”>International Support</a><br /><br /></div><h2>More Information</h2><div><h3>Known issues and additional information about this security update</h3>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. If this is the case, the known issue is listed below each article link.<br /><br /><ul><li><a href=“https://support.microsoft.com/en-us/help/2817641”>2817641 </a> MS13-096: Description of the security update for the 2007 Office system and the Office Compatibility Pack: December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2817670”>2817670 </a> MS13-096: Description of the security update for Office 2010: December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2850047”>2850047 </a> MS13-096: Description of the security update for Office 2003: December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2850057”>2850057 </a> MS13-096: Description of the security update for Lync 2013: December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2899393”>2899393 </a> MS13-096: Description of the security update for Lync 2010 Attendee (user level install): December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2899395”>2899395 </a> MS13-096: Description of the security update for Lync 2010 Attendee (Administrator level installation): December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2899397”>2899397 </a> MS13-096: Description of the security update for Lync 2010: December 10, 2013</li><li><a href=“https://support.microsoft.com/en-us/help/2901674”>2901674 </a> MS13-096: Description of the security update for Windows Vista and Windows Server 2008: December 10, 2013</li></ul></div><h2>Fix it for me</h2><div>The Fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios. <br /><br />For more information about this workaround, go to the following Microsoft Security Advisory webpage: <div><a href=“http://technet.microsoft.com/security/advisory/2896666” target=“_self”>http://technet.microsoft.com/security/advisory/2896666</a></div> The advisory provides more information about the issue. This includes the following: <ul><li>The scenarios in which you might apply or disable the workaround </li><li>How to manually apply the workaround </li></ul>Specifically, to see this information, look for the <strong>General Information</strong> heading, expand the <strong>Suggested actions</strong> section, and then expand the <strong>Workaround</strong> section. <br /><h4><span>Disable the TIFF codec</span></h4> <br /> <br /> <br />To enable or disable this Fix it solution, click the <strong>Fix it</strong> button or link under the <strong>Enable this Fix it</strong> heading or the <strong>Disable this Fix it</strong> heading, click <strong>Run</strong> in the<strong> File Download</strong> dialog box, and then follow the steps in the Fix it wizard.<br /><div><table><tr><th><span>Enable this Fix it</span></th><th><span>Disable this Fix it</span></th></tr><tr><td><span><div></div></span></td><td><span><div></div></span></td></tr></table></div></div><h2>FILE INFORMATION</h2><div><div><div><div><span><span></span></span><span><span>File hash information</span></span></div><div><span><div><div><table><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>ArchService.msp</td><td>5806606396D064A92F107FB799A017D8F4EDA950</td><td>BCDE00495C7D5D65AA487B8BB424C2A9D5C5DB078EFB7813797541A8262B7622</td></tr><tr><td>AttendeeAdmin.msp</td><td>E9AB7981B64754528C1CAA9992946BE6A8030F2E</td><td>749DCE043DECF7C44759A394A87FCA75BF63FDCDDA4AB1D5161D00F445CC5D85</td></tr><tr><td>AttendeeUser.msp</td><td>36626105BACF0EC8F0AFEC979BBB4F5C0FC63D82</td><td>80199310D6E7F1913008DA03CB26710D20C640B573F338927931A0CDF4EAEE85</td></tr><tr><td>ClientSdk.msp</td><td>33D4A62D84ABAD24A89E9A1AA7BB8F0003931051</td><td>BD2DE38A198B06AA94CA8D07E9768B26750980C4BB49701A45083153B1AD0DCB</td></tr><tr><td>Lync.msp</td><td>DB86605F8A690DA49FA149B927FAC33A74B1850A</td><td>A007D3658D242BCE1BC44939DAC7E895F464487CDCFB9141ABCDEFD704F72C4A</td></tr><tr><td>LyncLite.msp</td><td>3282697BAF2CE58567FC7D01D3B3FE3BB66CF0CA</td><td>7EB625DAD42717B97E457B5BA122E84BAD70F478F6A52D9C39DD2DAA049BE456</td></tr><tr><td>lyncloc2013-kb2850057-fullfile-x64-glb.com</td><td>1C2A41EF7BD7A488F5B6B59D587CA3854B505107</td><td>BFA75C008CEFB14F382DE934DF6A15226238EA2898ACFD74A056A695607A7482</td></tr><tr><td>lyncloc2013-kb2850057-fullfile-x86-glb.com</td><td>87BA717A5AF4DF194A9BAE62896803DE1F1ECB41</td><td>6EEAAC3E286489D7B2BD8BB55C47A68B60FEE7A18D029D0D0765F592182BB201</td></tr><tr><td>LyncServerUpdateInstaller.exe</td><td>ED0DE683FC125E9FBBAB0EAC0E1531FF9A3AF95D</td><td>FDA985CE6A048D4C25032F9545848CEA113C74D288725C0E5424DF7C366DE72D</td></tr><tr><td>MgcAdmin.msp</td><td>658CB4A63D1C7EEF3F137FEC373D2260211533F5</td><td>DBEEF16BFD38E4242489E35C9A92F77D92C0644797680394A4BDD37A0A482D71</td></tr><tr><td>MgcClient.msp</td><td>22D6AB1C00DDB070FC9B8C59C0313626E4CCCF2A</td><td>E9D69128B6284BB5553BAC154C3043A432A594D6F9CFE00175AE3AF2BD37414E</td></tr><tr><td>MonitoringServer.msp</td><td>2BE611703B76779E65E11274D434CC24F0002F46</td><td>A1424B61591EBF4DE8621C72BBBB6C25D2227D5D174F5C8CB3F31760028584DD</td></tr><tr><td>OCSCore.msp</td><td>70185EECFB3530BF7708B4F46580E037D3E5005D</td><td>7963F88709CAF1C943A853CA6A7C5A76B6804A7601C63DA3DD15FABE69DEF5D4</td></tr><tr><td>office2003-kb2850047-fullfile-ara.exe</td><td>304F46CBE06DAB91FB470711B9553D7612C2364D</td><td>DC5F8C316354BFF6753905C01D28523BC6EB63A3EA7A5C47FFC86F71A84A40FC</td></tr><tr><td>office2003-kb2850047-fullfile-bgr.exe</td><td>DF369F78E419A91F86707146DA41B49295C73615</td><td>CE5BE5CC5EEDDF8B4280FB70642BDA5C42CC28D952FABD46C77D54158A878FAF</td></tr><tr><td>office2003-kb2850047-fullfile-chs.exe</td><td>DE1BFCA22FB8F600741257987ABCDD556431E110</td><td>CD305F065F613DF47EBD81F668E3312AA60F3B5AA7A766744DABCD6AF9ABEABC</td></tr><tr><td>office2003-kb2850047-fullfile-cht.exe</td><td>E90D47789F693441E1B2C52314FA13D6915C2018</td><td>29BBF9B65E3E36658BD15524C173EB79929DB13F2FDBE82362DDA8E6C264A220</td></tr><tr><td>office2003-kb2850047-fullfile-csy.exe</td><td>49ED5C813F968E44D1DB7BB53D4D7A03419B7B9F</td><td>839150EED06A0FAAAC1A525E168FEA1505AD562BA8D6CAFC1D2995A8D114BCC1</td></tr><tr><td>office2003-kb2850047-fullfile-dan.exe</td><td>FD20D4D49F0A22F06AEC6C1566DF02F0EC3B713B</td><td>626E596035ABCEB0EADA576085ED63146397F1C22826266F8FD2F97D45F2CF72</td></tr><tr><td>office2003-kb2850047-fullfile-deu.exe</td><td>AABB2BF953FC9BBA6B1CB39A75CFC1705B302FF3</td><td>1A830043E423A7AA9A003AF9321014B45CD054C701224D6A10E95320A3CDE947</td></tr><tr><td>office2003-kb2850047-fullfile-ell.exe</td><td>7E580832B223FBDC70B4471DEAD59D6D9F653292</td><td>AC8F643FB65C0978EC4CB11EB5B35250C37CF3C37009DAF1875A29CD545A39C2</td></tr><tr><td>office2003-kb2850047-fullfile-enu.exe</td><td>21710EB6983F9DB4F43C78B0FC634685420F7357</td><td>2A9A72682E582709DF4930B62CE1E337B42D27B386A153CF1F247328AEF86011</td></tr><tr><td>office2003-kb2850047-fullfile-esn.exe</td><td>6BE8977C1E273864B6E1E9A772643460F7FC5E20</td><td>84E83B7E5D445B7DFB12D591BCEF0E850072C5E023055444B1D0742B906BBC63</td></tr><tr><td>office2003-kb2850047-fullfile-eti.exe</td><td>4ECF7B71E4FE76929F20A4FE1182D0A38179EF60</td><td>CF52188A77568D824CF6F3A26F47ADB416E7BB0FE7A2250F17651B5DB4A7E906</td></tr><tr><td>office2003-kb2850047-fullfile-fin.exe</td><td>76A9BF7089B5E527C1CF48424F4C0E886615355B</td><td>5E62EBB54F9E6124F5E337293376E21F09BCFBD1453DF9D210991477E02A67BB</td></tr><tr><td>office2003-kb2850047-fullfile-fra.exe</td><td>4CCB035307D5652B2F2829BB721DFB2D4097EA45</td><td>1E3E1CF93C821518B2A5912B368F37E0116C9B058B1F1CF681231FF7986DBA20</td></tr><tr><td>office2003-kb2850047-fullfile-heb.exe</td><td>C8E912EE9E10AEC2C4F8DA6191AFFCAD02846BF6</td><td>4D10872FE714EA5459136A030CD61E52DF4DB42632910CE1342243AD8EF17B69</td></tr><tr><td>office2003-kb2850047-fullfile-hin.exe</td><td>45CA9EBD6482507EDB7B318AB750ACF06C22AC60</td><td>168762525CB6D5E70F7A32CF7EAA357E752A9D809B2EA26F1D15355FAF5F737D</td></tr><tr><td>office2003-kb2850047-fullfile-hrv.exe</td><td>E86A391251E20B0C6B86EA9F137D2632FCDCD6A7</td><td>A3E3C4E36F55F08D0565D40619A5315C72908822FFE3D91F8A4458B72FC035DE</td></tr><tr><td>office2003-kb2850047-fullfile-hun.exe</td><td>82DFBCD0EF51E62C7C76040FDFA29467A2D7BF0C</td><td>123C78C2404EA4C0AABE1B2DBDC18349BDF724D4B12540780A2C58B267FCCD0B</td></tr><tr><td>office2003-kb2850047-fullfile-ita.exe</td><td>83BC2FBF537A56D6839FE65C2BC90808FEA1AD80</td><td>87E85AC338FC609EF186145E11958A2841A32CD2314AF920972F9D6238C55032</td></tr><tr><td>office2003-kb2850047-fullfile-jpn.exe</td><td>06749E6C9A856E868E566DA9CCB8BA7D5D668268</td><td>0D7078D74BDF3CBA25EDAF7D669A6B41AC29C0A000A60AF6CD402962A03DEF55</td></tr><tr><td>office2003-kb2850047-fullfile-kor.exe</td><td>EB992DDE2271EF6C34A628437A8A93CB13E7D252</td><td>6EA3D281FC0F7D9A8713872AA8166C4CB9245F7EC53DBC0AA1804F7F448BC180</td></tr><tr><td>office2003-kb2850047-fullfile-lth.exe</td><td>3A2177FF85714175A5EDD9AFCE91FB538F462DFF</td><td>45EC6B459029612B35047EC130EB948B4282852152B1AF65923E4B3EA6CD8C14</td></tr><tr><td>office2003-kb2850047-fullfile-lvi.exe</td><td>106C6234494460AB3078F67B343BEC94E0F73A19</td><td>C4F3949F086863CB8B1FCAD00011405F7A4B90E5E26C8D3638541BD5231CFAEB</td></tr><tr><td>office2003-kb2850047-fullfile-nld.exe</td><td>990CD58DE72F15C0B86379814D07A20952D5C6C3</td><td>3F626D879D1E7710DABAE5D323FC33D4F83DA35A3950E699FE4CFD81A36F4F5D</td></tr><tr><td>office2003-kb2850047-fullfile-nor.exe</td><td>A865645FF1FF6CF68FF948ECF4D5798137B36CAC</td><td>792D750978CB3A07E4B3C3EFC010775CFB85CC5CCD6ED474839B5C8B3D970D0B</td></tr><tr><td>office2003-kb2850047-fullfile-plk.exe</td><td>9793EF4ECD22D341DD9F3EC0AB17B7A7EA5D2B8E</td><td>1A28BCC3F7B2B680FEE823209892714838AF1A5D0F1A928D796013723DDA8E0E</td></tr><tr><td>office2003-kb2850047-fullfile-ptb.exe</td><td>92AFE684ABFDF167C72491212D31388169796FCC</td><td>AB7994296EB0883782BC8D2252A110E31A07FFB584DF1ED1CFF8B4E9CFD3BF30</td></tr><tr><td>office2003-kb2850047-fullfile-ptg.exe</td><td>0230800A0D3278C30FFB37A2D7A31E9BCA92F00D</td><td>DDF37F7427747869195863994EA9D5C2D2830B77A2D50CBC157143ECBD366D0A</td></tr><tr><td>office2003-kb2850047-fullfile-rom.exe</td><td>64C5DB8B06E7F0F9DE48743D7EB7622164D5B2C6</td><td>7A621D0FD277490E850AF2BDD64898F628AB7427DFCDE1BDADCE4EA78685A77F</td></tr><tr><td>office2003-kb2850047-fullfile-rus.exe</td><td>5870FEB951360C7EEB3E0C06E4ACD292298DA180</td><td>92C5617888127ECC9C11D826F38CF6A19F6D2F20913DE4E9372895108EF38C4E</td></tr><tr><td>office2003-kb2850047-fullfile-sky.exe</td><td>4A80F8C2986821E4DA72A69DB4A7D1DF381C3213</td><td>F6CCEC87C8B055E702BDA9D757283F3C80A22F873020FC04DA8CE51632EE3B09</td></tr><tr><td>office2003-kb2850047-fullfile-slv.exe</td><td>F4C09DFAB859F861806D9649F06B6A15A19B3067</td><td>F63ABCA197B40A67D490EF2A45EFBB961E6477002CA429400E73978908B0BD99</td></tr><tr><td>office2003-kb2850047-fullfile-srl.exe</td><td>EC7360B4E31B44678AA2C428C32FB023A6A0CEA1</td><td>23DFF79A5A9505E5308CEA4D24195972845076AC203823F10E6552CEA4555F85</td></tr><tr><td>office2003-kb2850047-fullfile-sve.exe</td><td>C8E2CE80E0CFA80361CC56181E8DBD130F76E825</td><td>AA102586AFF05A72DCD2D1CEE92B0F52AD10C99D4A5B4C1B04A68A3DAF2DAADB</td></tr><tr><td>office2003-kb2850047-fullfile-tha.exe</td><td>6153E26BF43E5CED710EEE7925F75BEA26B13B77</td><td>B64E0FE49DC3DEFC1F05928DE489CA071DD2B79BE5A226BC88DCE54BCD422252</td></tr><tr><td>office2003-kb2850047-fullfile-trk.exe</td><td>E26C07AA5DAF52484E8A7DDE11CE2C3A55DDBFCB</td><td>B55A132191B1B92C2643F1CD2E514C94F11D9E2775CE93700D1C7DB7F04ABD19</td></tr><tr><td>office2003-kb2850047-fullfile-ukr.exe</td><td>90C84BF6BE0F61CFBADB20369A4BC52035A31B9A</td><td>1A5FBE0A64FEA25F9976661E74D2D710D49856B011AC1BA0364690F020C927EA</td></tr><tr><td>office2003-kb2850047-fullfile-zhh.exe</td><td>2C30186C1A0EE3246F5DA496DE144DB98B0D2386</td><td>8202F06C883715DE481E8E0AB8D2A1AA8A17C06868DB6EFB8E22F6E021B60C58</td></tr><tr><td>ogl2007-kb2817641-fullfile-x86-glb.exe</td><td>639F5D99D57E9DC21243C35C566E68937883A141</td><td>D714F4D7D881DB3976FBF59824D7D643C5C368A9852C3791DE598C7913D77FC6</td></tr><tr><td>ogl2010-kb2817670-fullfile-x64-glb.exe</td><td>2314A050D80EF90CAF28195D54AB26FA4372F0FA</td><td>B5779B887AAAF190528635F9FC4933A81D2E60C0D8F1E710C6C9B104B0274F3D</td></tr><tr><td>ogl2010-kb2817670-fullfile-x86-glb.exe</td><td>CC3DBC5CC653EE9FD9A3962B052D6F5E1C17BB52</td><td>75EA800899FBCC531CE2B41047CBF736955AD44CEFA81801B42EF6ABA91714A6</td></tr><tr><td>TenantAdminUI.msp</td><td>EE9E5CEEE1998F6D0FDB44B183596EDD42088388</td><td>6BD9A76AABB9981578C605102B01A6BDB6C6C2F5AC36D9FA403A0E8C1550A566</td></tr><tr><td>UcmaRuntime.msp</td><td>1F2B385E675C8958ADBB80687C8E581988FBCE27</td><td>58894ECCD957E9A5976F3CFFE6FC9034EA20918D30A46741730DF27C6FE656EA</td></tr><tr><td>UcmaWorkflowRuntime.msp</td><td>1F24C18114CA16130E7E46173C189917596BC017</td><td>F0E7B874B4D0BAF0BB5A2663007DE694051043559B9F6BEA2C065EBBF02D93A8</td></tr><tr><td>Windows6.0-KB2901674-ia64.msu</td><td>B2B380B574125B685EDC6E5B3729C060A7400E47</td><td>E5F5FD38D9273FB203076BF0DA2588316A234E7D14FC35A750548365753ACCD7</td></tr><tr><td>Windows6.0-KB2901674-x64.msu</td><td>626F096C835BC28D7ADA1D4360149229CF248D1F</td><td>7B9772908723911A28F40249B8D6FFA2AE0816605E64AF490AC23EEA3943892B</td></tr><tr><td>Windows6.0-KB2901674-x86.msu</td><td>E513D85F41A183BEB0F16442C64BF7B0B1C7A632</td><td>DA811A32051695C9F5DAA81B9AA7EC9388D774FF55957264E3E7339B443F50A3</td></tr></table></div></div><br /></span></div></div></div></div></body></html>