November 2012 Microsoft Super Tuesday
Posted by Zubair Ashraf on November 13, 2012 at 2:53 PM EST.
Hello, it's patch time again and I'd like to share with you the highlights of Patch Tuesday. This month, Microsoft has released 6 bulletins covering 19 CVEs. The bulletins affect Microsoft Windows, Internet Explorer, Office and the .NET Framework. Four of the bulletins are rated by Microsoft as critical, one as important and one as moderate. We encourage customers to refer to the notification for additional information.
We would like to highlight that this month's patches fix critical vulnerabilities in Internet Explorer and Excel, both of which have been among attackers' favorite attack vectors. Additionally, as one of the critical patches revolves around TrueType Font (TTF) processing, I’d like to remind readers about the Duqu malware discovered about a year ago, which took advantage of a 0-day vulnerability to spread. So, the patches should be applied right away.
There is also a critical bulletin for Microsoft Briefcase, which is used to sync files between two computers. Two common attack scenarios would involve an attacker convincing a user to open a malicious MS Briefcase file sent via email or shared on a network share. We are pointing this out because MS Briefcase files are not usual candidates for exploits, so this is again a reminder of the need for user education around best practices and safety precautions when accessing files from email or other places on the network.
Finally, I'd like to take this opportunity to share with our readers that a Remote Code Execution vulnerability in QuickTime, found by X-Force Researcher Mark Yason, has been patched. Click for the IBM X-Force advisory.