Microsoft Critical Patches Address Windows, IE Zero-Day Flaw


Microsoft will address critical errors in Internet Explorer including a zero-day flaw in the browser that has been tied to a group that has carried out at least one serious data breach.

Microsoft said the update this week would address a critical remote code execution vulnerability in Internet Explorer. The zero-day flaw has been tied to a group responsible for carrying out the Bit9 data breach. Additional attacks were detected targeting firms in Japan, according to security firm FireEye, which warned that attacks could become more widespread. Microsoft issued a temporary IE patch Sept. 17 shielding the flaw from further zero-day attacks.

Microsoft, Redmond, Wash., said it would issue eight bulletins, including four rated critical, addressing coding errors in Windows, .Net, Office and Silverlight software. Three of the four critical bulletins in its October Patch Tuesday fix critical flaws that impact all currently supported versions of Internet Explorer.

[Related: Top 5 Zero-Day Threats Of 2013]

The software vendor is addressing a variety of errors rated important in its endpoint and server software. A software update affects the Silverlight 5.0 Web application framework for media. Microsoft also is addressing flaws in Microsoft Office, including Word 2003 and 2007 and Excel 2010 and 2013. The update also applies to users of Office for Mac 2011.

A SharePoint update addresses users of the collaboration, file sharing and Web publishing server. It affects SharePoint 2007, 2010 and 2013 and impacts SharePoint Services 3.0 for file and document sharing and SharePoint Foundation 2010, the underlying technology that supports SharePoint sites. The update appears to fix flaws in the services that support the sharing of Excel and Word documents.

Microsoft also addressed Internet Explorer and SharePoint flaws in its September 2013 Patch Tuesday. The software maker is continuing to apply fixes in the way its Office services and Web apps handle requests using SharePoint. Meanwhile, the browser patches addressed 10 flaws in the browser to prevent drive-by attacks and malicious code execution using the browser.

PUBLISHED OCT. 7, 2013