Tuesday 8 October 2013

Microsoft Patch Tuesday - 8 Security Updates, 4 critical vulnerabilities, including Internet Explorer zero-day

October is turning out to be a busy month for patches. This month also marks the 10-year anniversary of the Patch Tuesday program, which Microsoft started in October of 2003.

Scheduled for tomorrow, Microsoft has announced that they will release eight security updates including four critical, addressing vulnerabilities in Microsoft Windows, Internet Explorer (IE), Microsoft Office and its other products.

Bulletin 1 is almost certainly to a zero-day vulnerability CVE-2013-3893 that has been actively exploited by hackers in targeted attacks. Though Microsoft issued a temporary "Fix it" in September for the vulnerability,

Bulletins 2, 3 and 4 address vulnerabilities in a wide range of Microsoft products, including Windows XP, 7 and 8, and Windows Server 2003, 2008 and 2012.




Bulletins 5, 6 and 7 address vulnerabilities that could allow for remote code execution. Bulletin 8 addresses an information disclosure vulnerability in SIlverlight and is the least urgent of the eight patches.

Microsoft's pre-release notice provides more details of the affected software packages.

Adobe will also be releasing updates on Tuesday for Reader XI and Acrobat XI for Windows. Both are rated 2, which means it's a critical vulnerability, but not known to be in use.

No comments:

Post a Comment