Microsoft and Adobe’s October Patch Tuesday – Security Snippets

SecuritySnippets

  • Microsoft’s Monthly: It’s remote code execution holes all the way down in this months Patch Tuesday. From a bundle of Internet Explorere fixes in MS13-080 to a crunchy critical remote code execution and extra ‘important’ privilege escalation holes in Windows drivers, MS13-081 going all the way back to XP SP3 and all the way up to Windows 8. But wait, there’s more according to the cumulative advisory, MS13-Oct. Critical remote code execution holes in .NET Framework (MS13-082) and Windows Common Control Library (MS13-083) and “Important” remote code execution holes SharePoint Server (MS13-084), Excel (MS13-085 and Word (MS13-086) are also reported. There’s also an information disclosure hole in SilverLight (MS13-087). Fixes available from your friendly Microsoft Update service.
  • Adobe patches help up: Adobe’s fixes for this month have also been released. As well as the usual Reader and Acrobat fixes, developers who use Adobe’s RoboHelp will want to check out APSB13-24 as its a critical hole which could enable code execution. Adobe are priority rating 3, as it’s “not historically been a target for attackers”, but there’s always a first time.