Microsoft patches 28 vulnerabilities, including zero-day

Summary:October's patches are described in eight bulletins and address problems in Windows, Office, SharePoint Server, Silverlight, and Internet Explorer. One of the IE bugs has been exploited in the wild for some time now.

Microsoft on Tuesdau released patches for 28 vulnerabilities in numerous products. The most important ones for most users fix serious vulnerabilities in Internet Explorer, Windows and the .NET Framework.

Here is a breakdown of the bulletins and what they address.

windows-update

MS13-80 (Critical): Cumulative Security Update for Internet Explorer (2879017)  This is a cumulative update for Internet Explorer which addresses 10 vulnerabilities, one of which is a zero-day vulnerability in the wild for over a week. (Microsoft had provided a Fix-It as an interim measure.)

MS13-81 (Critical): Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) - This update fixes 7 vulnerabilities reported by outside researchers. One could allow complete system compromise when the user views maliciously-constructed OpenType fonts, and another for TrueType fonts. The other 5 are privilege escalation bugs. All versions of Windows other than 8.1, 8.1 RT and Server 2012 R2 are affected.

MS13-82 (Critical): Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) — This describes 3 vulnerabilities in most versions of the .NET Framework. The one critical vulnerability is the same OpenType parsing bug in MS13-081.

MS13-83 (Critical): Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058) — A vulnerability in Windows can be exploited through an ASP.NET web application running on it.

MS13-84 (Important): Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

MS13-85 (Important): Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

MS13-86 (Important): Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

MS13-87 (Important): Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

This month marks 10 years of Patch Tuesdays.

Topics: Security, Windows

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.