Security Advisor

IE Fixes Are Top Priority for November's Patch Tuesday

Microsoft's monthly Security Update arrived today with three "critical" bulletin items and five "important" fixes -- all addressing 19 flaws in a number of Microsoft products and services.

According to security experts, IT's first priority should be to apply bulletin MS13-090, a cumulative ActiveX Kill Bits fix that takes care of one privately reported issue. According to Microsoft, a remote code execution (RCE) attack could be instigated if a malicious Web site that employs ActiveX controls is viewed in Internet Explorer.

"We are aware of limited attacks that exploit this issue," said Microsoft's Dustin Childs. "The code execution occurs at the level of the logged on user, so non-admin users would face less of an impact. The remote code execution vulnerability with higher severity rating be fixed in today's release and we advise customers to prioritize the deployment of MS13-090 for their monthly release."

The attacks being seen in the wild have targeted specific Web sites concerning national and international security policies, according to security firm FireEye, which alerted Microsoft of the attacks last week. According to the firm, the technique used and the individuals responsible are the same that were connected to attacks against Japanese corporations in September.

"Furthermore, the attackers loaded the payload used in this attack directly into memory without first writing to disk -- a technique not typically used by advanced persistent threat (APT) actors," said FireEye. "This technique will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods."

After this bulletin has been applied, the next priority should be bulletin MS13-088, a cumulative Internet Explorer fix that hits every supported version of Microsoft's Web browser. The most severe, according to Microsoft, could lead to a remote code execution (RCE) attack if a malicious link was opened with any version of Internet Explorer.

While cumulative IE updates have typically gotten top-bill on the priority list in previous months, due to there being no active attacks exploiting any of the 10 bugs this bulletin addresses, this should be prioritized second after the bulletin that addresses the active exploit.

The final critical item of the month (bulletin MS13-089) affects every supported version of Windows and patches a privately reported RCE flaw in WordPad. While there's been no active exploits seen in the wild, it wouldn't be too hard for attackers to take advantage of the flaw, according to Paul Henry, security and forensics analyst at security firm Lumension.

"We have seen this type of issue before," said Henry in an e-mailed statement. "In previous related Windows Graphics Device Interface (GDI) issues, the vulnerability was caused by improper parsing of TrueType fonts (TTF) in shared content. The vulnerability could be exploited if an attacker crafts a malicious file or website and convinces a user to download the file or open an attachment. The attacker would receive the same level of privilege as the running application that was using the GDI interface."

Important Items
Microsoft's November "important" bulletins include:

  • MS13-091: Addresses three flaws that could lead to an attack if a malicious WordPerfect file is opened with all supported versions of Office.
  • MS13-092: Affecting only Windows 8 and Windows Server 2012, this Hyper-V flaw fix blocks an attacker from gaining an elevation of privilege in virtual machines.
  • MS13-093: This information disclosure flaw fix affects all 64-bit versions of Windows that could only be attacked with valid login credentials.  
  • MS13-094: Fixes a publicly disclosed Outlook flaw that could lead to information disclosure if a harmful e-mail was opened by a user.
  • MS13-095: The final bulletin of the month fixes how Windows views digital signatures and affects all versions of the OS.

Many of these bulletins may require a system restart to be fully applied. More information on November's security update can be found on the Microsoft Security Bulletin Summary page.



About the Author

Chris Paoli is the site producer for and


  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus