Happy birthday, Patch Tuesday! Not many will know that it has been ten years since Microsoft first transitioned to a monthly update cycle for its products. But here we are a full storied decade later.
The October 2013 Patch Tuesday update has brought along a total of eight security bulletins.
These are supposed to fix 26 vulnerabilities in programs like Windows, Office, Internet Explorer and Silverlight. Microsoft actually recommends users to absolutely prioritize the development of three of these — namely MS13-080, MS13-081 and MS13-083.
And as you would have guessed, these three amigos patch flaws in Internet Explorer and Windows.
Redmond put up the details in its security advisory, confirming that MS13-080 resolves ten issues in Internet Explorer, with the most sever one allowing cybercriminals to gain the same rights as the user:
“The most severe vulnerabilities could allow remote code execution if a customer views a specially crafted webpage using Internet Explorer, as described in Microsoft Security Advisory 2887505. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user running Internet Explorer. All but one of these issues were privately disclosed.”
MS13-081 patches seven issues in Windows, and luckily all flaws were privately reported — meaning no successful exploits have been reported.
The MS13-083 update, on the other hand, takes care of a single issue in Windows that allows remote code execution on unpatched systems that are available via an ASP.NET web application. Once again, no successful exploits are reported.
You can read up on the details at the link above, and then start deploying these patches, which are being delivered through Windows Update right now.