Internet Explorer (IE), Office, Silverlight, .NET Framework are just some of the software addressed in this month’s Microsoft Patch Tuesday. Among these software, however, users must prioritize the IE vulnerability (CVE-2013-3893) ...
Internet Explorer (IE), Office, Silverlight, .NET Framework are just some of the software addressed in this month’s Microsoft Patch Tuesday. Among these software, however, users must prioritize the IE vulnerability (CVE-2013-3893) as this was said to be exploited in certain targeted attacks.
Among the eight bulletins released October 2013 Patch Tuesday, four were rated Critical while the rest were Important. One of these four Critical bulletins includes a fix for the recent Internet Explorer zero-day, which was used in attacks aimed at organizations in the Asia Pacific region and three other targeted attack campaigns.
This threat surfaced just a week after last month’s Patch Tuesday and as an immediate solution, Microsoft released a “Fix It” workaround tool. This security bulletin offers a permanent solution to the said vulnerability as well as nine other privately disclosed bugs.
Trend Micro Deep Security and Intrusion Defense Firewall (IDF) has already been protecting customers from this threat via the following DPI rule:
1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)
The other bulletins tagged as Critical address vulnerabilities in Microsoft Windows and the .NET Framework. These Critical vulnerabilities may allow malicious actors to execute malware that may steal information or enable attackers to control the vulnerable system.
Though not as immediate in terms of priority, the remaining four Important bulletins offers solution to crucial vulnerabilities in Microsoft Office and Silverlight. If not addressed, malicious threat actors may use this to gain access to valuable information or to a certain extent, allow them to execute malicious files (given certain conditions).
Users are advised to apply these security updates as soon as possible. You may also visit our Trend Micro Threat Encyclopedia page to know more about our Deep Security solution.
Post from: Trendlabs Security Intelligence Blog - by Trend MicroOctober Patch Tuesday Addresses IE Zero-Day Exploit