Patch Tuesday Roundup for November 2013
Today is Patch Tuesday for November 2013. Microsoft released eight bulletins, three of which are considered critical. The bulletins include fixes for vulnerabilities affecting Windows, Internet Explorer, and Microsoft Office. For more information, see the Microsoft Security Bulletin Summary for November 2013.
Microsoft also addressed two recent zero-day vulnerabilities. (Zero-day vulnerabilities are those that exploit previously unknown vulnerabilities and for which there is no available patch.) One, involving an Active X control in Internet Explorer, is fixed by today’s bulletins.
The bulletins do not fix the second zero-day vulnerability, which involves maliciously crafted TIFF graphics files. However, Microsoft has released a “fix-it” (available at support.microsoft.com/kb/2896666) as a workaround to mitigate the risk of your system being affected while it prepares a full security update.
Adobe also released security updates for Adobe Flash Player. For more information, see the security bulletin for November 12, 2013. To download the latest version of the Flash Player, visit get.adobe.com/flashplayer.