Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Advance Notification for October 2013

It is on a monthly schedule but for some reason Microsoft'sPatch Tuesday sneaks up on me every month. Tomorrow, Microsoft is expected topush out eight new bulletins. This is quickly becoming a big patch period withAdobe releasing one patch along with Microsoft, Cisco releasing eightpatches to IOS in September and Oracle's CPU expected within the next week or so.

As for Microsoft, the first bulletin will be a criticalupdate to Internet Explorer, most likely to cover the zero-day that was found inthe wild and for which Microsoft issued a fix-it for last month. However, since the vulnerability's inclusion in Metasploit it has become much morewidespread.

The next three bulletins are also all rated critical andimpact .NET Framework or Windows itself including XP, 8 and RT. The next three bulletins are rated Important.Two of which are file format vulnerabilities resulting in remote code executionin MS Office, specifically Excel and Word. The third bulletin is an issue with Sharepoint Server that could alsoresult in remote code execution.

The final bulletin of the eight this month is an informationdisclosure vulnerability found in Silverlight.

Look for our blog post tomorrow that will have the detailsfor all these bulletins.

Related SpiderLabs Blogs