It’s Patch Tuesday again, and Microsoft has served up eight bulletins this month, three of them rated Critical. One of the three critical bulletins – MS13-090 – deserves special mention, as it fixes a zero-day vulnerability (CVE-2013-3918) found just last week in an Internet Explorer ActiveX control. Separately, IE itself fixed ten vulnerabilities as part of MS13-088.
It’s worth noting that another recent TIFF-related zero-day that we discussed has not been patched as part of this month’s update, so the recommendations and work-arounds that were suggested at that time remain in effect.
We strongly urge all users to apply these updates as soon as possible. Trend Micro users may also use the following Deep Security rules to protect themselves from threats exploiting these patched vulnerabilities.
- 1005705 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871)
- 1005784 Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908)
- 1005778 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910)
- 1005781 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911)
- 1005782 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912)
- 1005774 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914)
- 1005775 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915)
- 1005777 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916)
- 1005773 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917)
- 1005783 Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940)
- 1005779 Microsoft Internet Explorer ActiveX Control Code Execution Vulnerability (CVE-2013-3918)
- 1005785 Restrict Information Card Signin Helper ActiveX Control
Leave a reply
