Microsoft previews fixes for upcoming Patch Tuesday

Share this article:

Patch Tuesday is coming on Oct. 8 and Microsoft users should prepare themselves for eight patches, four of them critical.

The first critical patch deals with Internet Explorer, according to Microsoft's advance notification released on Thursday.

Several experts are expecting it to be a permanent fix for a zero-day Internet Explorer flaw that allowed attackers to compromise at least three major Japanese media websites. The bug, CVE-2013-3893, which has also been picked up by numerous hacking groups to target users, spurred Microsoft to issue a temporary fix at the end of September for the vulnerability.

While the zero-day is a remote code execution vulnerability in IE 8 and 9, the issue could impact users running all supported versions of the web browser. Last week, Darien Kindlund, manager of threat intelligence at FireEye, told SCMagazine.com that one media site serving up the exploit had been visited at least 75,000 times before the issue was resolved.

The remaining critical patches address Windows and Microsoft .NET framework issues, while the other four patches are listed as important and deal with Office – notably 2007, 2010 and 2013 versions of content management application SharePoint – and Silverlight problems.

Considering how vulnerable SharePoint has been lately and how difficult it is to patch, Tyler Reguly, technical manager of security research and development with IT security software company Tripwire, questioned the value it still provides over similar offerings.

“Bulletin 5 needs more attention as internet-facing servers and services are usually first to be targeted,” said Tommy Chin, technical support engineer with computer and network security company CORE Security. “It is likely, however, that Bulletin 1 will affect a larger group of regular users. There aren't any privilege escalation disclosures this month, which means that the potential attacks will be geared toward unprivileged account access.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Tinba variant aimed at U.S., international banks

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Nigerian police search for ringleader in major bank heist

The suspect, Godswill Oyegwa Uyoyou, conspired with others to hack bank systems and divert 6.28 billion Naira to mule accounts.