Microsoft Patch Tuesday – November 2013

So it is finally Patch Tuesday today! The last two weeks have been quite busy, as we all heard about targeted and non-targeted attacks exploiting 0-day vulnerabilities. As usual, we will share some highlights of the MS Security Bulletin.
Firstly, as mentioned above, we have seen a 0-day vulnerability in the Microsoft Graphics component’s code for parsing TIFF images. This can be exploited by embedding malicious TIFF images in MS Office documents. Microsoft is not releasing a patch for this today, but has released a Fixit solution for now. The November update for IBM’s IPS solutions will add a new signature to detect the exploitation of this vulnerability. You can find more details in the alert that we released here.
Secondly, last weekend FireEye announced that they have seen two IE 0-day vulnerabilities being exploited to achieve remote code execution. One of the vulnerabilities is a critical remote code execution vulnerability and the other is an information disclosure vulnerability. Microsoft is patching the remote code execution vulnerability with MS13-090, and they have done a pretty good job of explaining these two vulnerabilities here.
You can find details about today’s bulletin here.