Microsoft Advance Notification for November 2013

Microsoft will release eight bulletins for Patch Tuesday inNovember. Four of them will result in Remote Code Execution and three of thoseare rated as critical. In addition, there is one elevation of privilege, twoinformation disclosures and a denial of service all rated as Important. All the bulletins impact Microsoft Windowsitself or a component of Microsoft Office and one also impactingInternet Explorer.

In addition to the eight bulletins, Microsoft has warned of azero-day attack being actively exploited in the wild and directed against users ofMicrosoft Office. Microsoft has alreadyreleased a 'Fix-It' tool to help remediate this vulnerability but we willprobably have to wait until next month for a full patch. The issues centersaround how some components of Microsoft Office render TIFF files and can resultin remote code execution.

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.