Internet Explorer (IE), Office, Silverlight, and the .NET Framework are just some of the applications patched in this month’s Microsoft Patch Tuesday. Perhaps the most important vulnerability fixed this month was a zero-day vulnerability in Internet Explorer (CVE-2013-3893), which was exploited in certain targeted attacks.
Of the eight bulletins released in the October 2013 Patch Tuesday, four were rated Critical while the rest were rated Important. One of these four Critical bulletins covers the recent Internet Explorer zero-day, which was used in attacks aimed at organizations in the Asia Pacific region and in three other targeted attack campaigns.
This zero-day surfaced a week after last month’s Patch Tuesday and, as an immediate solution, Microsoft released a “Fix It” workaround tool. This security bulletin offers a permanent fix for that vulnerability as well as for nine other privately disclosed bugs.
Trend Micro Deep Security and Intrusion Defense Firewall (IDF) have already been protecting customers from this threat via the following DPI rule:
- 1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)
The other bulletins tagged as Critical address vulnerabilities in Microsoft Windows and the .NET Framework. These may allow malicious actors to execute malware that may steal information or enable attackers to control the vulnerable system.
Though not as immediate in terms of priority, the remaining four Important bulletins address serious vulnerabilities in Microsoft Office and Silverlight. If not addressed, threat actors may use these vulnerabilities to gain access to valuable information or, to a certain extent, to execute malicious files (given certain conditions).
Users are advised to apply these security updates as soon as possible and to visit the Trend Micro Threat Encyclopedia page to learn more about our Deep Security solution.