Today is Patch Tuesday. It also happens to be the 10-year anniversary of the montly security patch update. For October, Microsoft released eight new security bulletins—four rated as Critical and four Important. There is one in particular, though, that deserves the most urgent attention.
MS13-080—the cumulative security update for Internet Explorer—addresses a total of 10 separate vulnerabilities affecting all supported versions of the Web browser. But, the urgency for applying this update stems from the fact that two of the vulnerabilities addressed are zero-day flaws that are already being actively exploited in the wild.
“Many people have been on their toes watching the IE exploit since it first became public in mid-September,” says Andrew Storms, senior director of DevOps for CloudPassage. “Despite the exploit being used in a watering hole attack and Metasploit releasing a module for the exploit, Microsoft did not find it necessary to release the fix out of band.”
“So far these bugs are only being exploited in limited attacks, but users are still strongly encouraged to patch IE as soon as possible,” says Lamar Bailey, director of security research and development for Tripwire. “Now that a patch is available we expect to see a rise in the number of attacks using these vulnerabilities.”
To read this article in full or to leave a comment, please click here