14 DAY TRIAL // The October 2013 Patch Tuesday brought us a total of eight security bulletins supposed to fix 26 vulnerabilities in several products, including Windows, Internet Explorer, Office, and Silverlight.
Microsoft recommends users to prioritize the deployment of MS13-080, MS13-081, and MS13-083, which are aimed at patching holes in Internet Explorer and Windows.
First of all, MS13-080 is supposed to resolve 10 issues in Internet Explorer, with the most severe allowing attackers to gain the same rights as the current user browsing the web with Microsoft’s in-house app that will soon reach version 11 in Windows 8.1.
“The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer, as described in Microsoft Security Advisory 2887505. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. All but one of these issues were privately disclosed,” the company noted in a security advisory.
MS13-081, on the other hand, tries to patch seven issues in Windows, with Redmond claiming that no successful exploits have been reported, as all flaws were privately reported.
“The most severe vulnerability could allow remote code execution if a user views a malicious webpage with specially crafted OpenType fonts. This release also addresses vulnerabilities that could allow elevation of privilege if an attacker gains access to a system, in some cases physical access to a USB port is required,” it explained.
Last but not least, MS13-083 is only aimed at a single issue in Windows that would allow remote code execution if an unpatched system is available via an ASP.NET web application. Again, no successful exploits have been reported, says Microsoft.
As usual, all these patches are being delivered through Windows Update, so just make sure you are connected to the Internet to download and deploy all of them.