
October 2013 Patch Tuesday to include four critical vulnerabilities

Brandan Blevins, Assistant Site Editor

Microsoft next week plans to issue eight bulletins, including four critical, addressing vulnerabilities in Microsoft Windows, Internet Explorer (IE), Microsoft Office and its other products.

The first four bulletins will patch critical vulnerabilities in Microsoft Windows, Internet Explorer and the Microsoft .NET Framework, according to a Microsoft Advanced Notification issued on Oct. 3.

Bulletins 1-4, deemed "critical" by the Redmond, WA.-based software vendor, could allow for remote code execution. The first, second and fourth bulletins will definitely require a restart, while the third may require one.

Particular attention is being paid to the first bulletin, which may contain a permanent fix for a high-profile IE zero-day vulnerability that was discovered within the last month. Security firm FireEye, which initially uncovered the IE vulnerability, has since learned that at least three separate attack campaigns are actively exploiting the zero-day.

Though Microsoft issued a temporary "Fix it" in September for the vulnerability, pressure to provide a permanent patch increased on Monday when the popular penetration-testing tool Metasploit released a module for the zero-day. As for whether Bulletin 1 does indeed resolve the IE zero-day, Ross Barrett, senior manager of security engineering at Boston-based Rapid7, is hopeful.

"The answer is, we won't know for sure until Tuesday, but it could and it should," Barrett said. "This is definitely where I would focus my patching efforts."

Bulletins 2, 3 and 4 address vulnerabilities in a wide range of Microsoft products, including Windows XP, 7 and 8, and Windows Server 2003, 2008 and 2012.

In addition to the critical bulletins, Microsoft has marked four more bulletins as "important." Of these bulletins, three may require a restart and one does not.

Bulletins 5, 6 and 7 address vulnerabilities that could allow for remote code execution.

The bulletins will be released on Oct. 8.

Separately, Adobe Systems Inc. is currently preparing to patch critical vulnerabilities in two of its products, Reader and Acrobat. The vulnerabilities were assigned a "priority rating" of 2, which signals that the products have historically been at elevated risk, according to Adobe's rating system. The patches should go live on Oct. 8 too.

 

 

