Microsoft: October Patch Tuesday vulnerability patched in November

Summary:[Correction: ] One of the October Internet Explorer vulnerabilities wasn't patched until November

[CORRECTION: My first take on this was just plain wrong. The update I read in the security bulletin was in the October Patch Tuesday bulletin, not the November bulletin. I was partly confused because it's unusual for Microsoft to have Cumulative Updates for Internet Explorer two months in a row, as they did in October and November. My apologies to you and to Microsoft, but what happened is still interesting, so here goes:]

Two days after the October Patch Tuesday updates , Microsoft corrected one of the security bulletins for that month to indicate that they had not in fact patched one of the vulnerabilities listed in it. That vulnerability — CVE-2013-3871 — was, in fact, patched in the November updates , specifically as part of MS13-088: Cumulative Security Update for Internet Explorer.

The initial bulletin was MS13-080: Cumulative Security Update for Internet Explorer — note that both are Cumulative Updates. It originally listed 10 vulnerabilities, one of them CVE-2013-3871. The vulnerability was credited to Simon Zuckerbraun working with HP's Zero Day Initiative.

Microsoft gave essentially no description of the vulnerability, either in October or November, beyond the title: Internet Explorer Memory Corruption Vulnerability.

Symantec has a little more explanation in their description of the bug, although this text is also boilerplate for such a vulnerability:

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 6, 7, 8, 9, and 10 are affected.

Topics: Security, Windows

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.