October Patch Tuesday Addresses IE Zero-Day Exploit
Internet Explorer (IE), Office, Silverlight, .NET Framework are just some of the software addressed in this month’s Microsoft Patch Tuesday. Among these software, however, users must prioritize the IE vulnerability (CVE-2013-3893) as this was said to be exploited in certain targeted attacks.
Among the eight bulletins released October 2013 Patch Tuesday, four were rated Critical while the rest were Important. One of these four Critical bulletins include a fix for the zero-day incident affecting IE version 6 to 11, an exploit of which is found being actively used in attacks aimed at organizations located in the Asia Pacific region and three other targeted attack campaigns. This threat surfaced just a week after last month’s Patch Tuesday and as an immediate solution, Microsoft released a “Fix It” workaround tool. But this security bulletin offers a more permanent solution to the said vulnerability and the nine other privately disclosed IE bugs.
Fortunately, Trend Micro Deep Security and Intrusion Defense Firewall (IDF) has been protecting customers from this threat via the following DPI rule:
- 1005689 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3893)
The other bulletins tagged as Critical address vulnerabilities in Microsoft Windows and .NET Framework. If not addressed promptly, the four Critical vulnerabilities may allow malicious actors to execute malware that may steal information or enable attackers to control the vulnerable system.
Though not as immediate in terms of priority, the remaining four Important bulletins offers solution to crucial vulnerabilities in Microsoft Office and Silverlight. If not addressed, malicious threat actors may use this to gain access to valuable information or to a certain extent, allow them to execute malicious files (given certain conditions).
Users are advised to apply these security updates the soonest possible. You may also visit our Trend Micro Threat Encyclopedia page to know more about how Deep Security solution.