Microsoft released eight new security bulletins for the November Patch Tuesday, bringing the total for 2013 to 95 security bulletins so far. With only three Critical, and five Important security bulletins, it’s a generally light month for IT admins.
The two highest priorities are MS13-088 – the Cumulative Update for Internet Explorer, and MS13-090 – a Cumulative Security Update for ActiveX Kill Bits, which addresses a zero-day vulnerability that is already being actively exploited in the wild. Aside from those two, the security bulletins this month are relatively tame, and IT admins should be able to enjoy the Thanksgiving break with some peace of mind.
This blog post is also available in the PDF format in a TechRepublic Download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.
This month’s eight security bulletins address a total of 19 separate vulnerabilities spanning Internet Explorer, Microsoft Office, Hyper-V virtualization, the Graphics Device Interface (GDI), and more.
MS13-088 / KB2888505 – Cumulative Security Update for Internet Explorer
More than half of the vulnerabilities this month are addressed with this one update. MS13-088 resolves ten separate vulnerabilities affecting all versions of Internet Explorer from IE6 to IE11. Two of the flaws could allow information disclosure, and the remaining eight are memory corruption issues that could be exploited to enable an attacker to execute malicious code remotely on the vulnerable system. There are no known exploits in the wild currently for these vulnerabilities, but an attacker could execute an exploit by crafting a malicious Web page and luring users to visit it…
Read the full breakdown of the November Patch Tuesday security bulletins on TechRepublic: It’s Microsoft Patch Tuesday: November 2013.
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022