Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - October Patch Tuesday Preview (CVE-2013-3893 patch coming!) InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

October Patch Tuesday Preview (CVE-2013-3893 patch coming!)

Published: 2013-10-03
Last Updated: 2013-10-03 22:29:21 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

So far, we got pre-announcements from Microsoft and Adobe.

Microsoft promises 8 bulletins, split evenly between critical and important. The critical bulletins affect Windows, Internet Explorer and the .Net framework, while the important bulletins affect Office and Silverlight.

So this sounds like an average, very client heavy patch Tuesday. On the server end, only Sharepoint server (again) and Office Server are affected.

Important: The cumulative IE update included will include a patch for CVE-2013-3893, the currently un-patched but exploited vulnerability in Internet Explorer. This bulletin should be applied as soon as possible once released.

For details, see http://technet.microsoft.com/en-us/security/bulletin/ms13-oct

Adobe pre-announced only one patch for Acrobat and PDF Reader. For details see http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-updates-for-adobe-reader-and-acrobat-apsb13-25.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: adobe ie msft patch
0 comment(s)
Diary Archives