Microsoft patches 28 vulnerabilities, including zero-day

Microsoft patches 28 vulnerabilities, including zero-day

Summary: October's patches are described in eight bulletins and address problems in Windows, Office, SharePoint Server, Silverlight, and Internet Explorer. One of the IE bugs has been exploited in the wild for some time now.

TOPICS: Security, Windows

Microsoft on Tuesdau released patches for 28 vulnerabilities in numerous products. The most important ones for most users fix serious vulnerabilities in Internet Explorer, Windows and the .NET Framework.

Here is a breakdown of the bulletins and what they address.


MS13-80 (Critical): Cumulative Security Update for Internet Explorer (2879017)  This is a cumulative update for Internet Explorer which addresses 10 vulnerabilities, one of which is a zero-day vulnerability in the wild for over a week. (Microsoft had provided a Fix-It as an interim measure.)

MS13-81 (Critical): Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) - This update fixes 7 vulnerabilities reported by outside researchers. One could allow complete system compromise when the user views maliciously-constructed OpenType fonts, and another for TrueType fonts. The other 5 are privilege escalation bugs. All versions of Windows other than 8.1, 8.1 RT and Server 2012 R2 are affected.

MS13-82 (Critical): Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2878890) — This describes 3 vulnerabilities in most versions of the .NET Framework. The one critical vulnerability is the same OpenType parsing bug in MS13-081.

MS13-83 (Critical): Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2864058) — A vulnerability in Windows can be exploited through an ASP.NET web application running on it.

MS13-84 (Important): Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

MS13-85 (Important): Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080)

MS13-86 (Important): Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

MS13-87 (Important): Vulnerability in Silverlight Could Allow Information Disclosure (2890788)

This month marks 10 years of Patch Tuesdays.

Topics: Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Microsoft patches 28 vulnerabilities, including zero-day

    I have my Microsoft Windows set to automatically download and install these updates so it will be an non intrusive process. No searching for individual patches and compiling them on this machine.
    • Moron

      Last patch Tuesday, Microsoft gave to us, one patch that cobbled the Folder pane on Outlook 2013.

      Other's have delivered worse. Non intrusive my ass.

      I plan to delay a week on mine now and wait for the Loverock's in the world to find out what MS broke this time, first.
      Lost In Clouds of Data
    • you hallucinate...

      today many distributions are more simple than windows.

      of course, not in the world of paid microsoft propagandist.

      by the way, did you see that microsoft shares are slowly but surely sliding down?
      why don't you commit suicide?
    • Re: I have my Microsoft Windows set to automatically

      Kudos. Good slave! Keep it up.
    • Unfortunatel that's not the case for some users

      There are several people I know, myself included, who have to download the security updates manually because Microsoft Support Staff (after repeated incidents and many hours attempted fixes) could not resolve the ongoing malfunctioning of Auto-Update on our PC's. Hence they recommended turning Auto- Updates off and regularly checking manually.
      So yes it's great if it works for you, but unfortunately, I and they are not you!
  • Tuesdau - which day of the week is that?

    Does it come after Wednesday?
    • Tuesdau

      A simple look at your keyboard and you will realize it is in another reality; a different timeline; somewhere else entirely, but definitely not here.
      • Re: but definitely not here

        You mean, on some other parallel universe where users trust Microsoft and run Windows? :)
  • In all my years

    Its been 10 years since patch Tuesday and even when code red and nimbda were wreaking havoc back in the early 2000's none of my Windows systems were compromised. I do a few things like:

    - Turn on automatic updates
    - My antivirus is automatically updated (using Windows Defender on Windows 8)
    - Don't need or install Java or Flash
    - Install only the applications I need and use to reduce the attack surface.
    - Update to modern versions of Windows (Windows 8.1 as we speak), Windows 7 Professional 64 bit at home.

    Use some common sense, don't download torrents.
    • Since first getting on line in 1999

      None of my systems have ever been infected and

      .I let Windows download updates automatically but install them when I'm ready

      . Of course have the antivirus (not a now admitted baseline MS one) update automatically

      .Use both Flash and Java

      .download torrents when I feel like it

      . use messengers, Facebook, and Twitter

      . play online games

      . In short, enjoy everything the net has to offer and don't let the bad guys take that away

      As Buffalo Springfield sang, "Paranoia runs deep"
  • According to RT 8.1

    The only update I had to do today is to Adobe Flash.
    Michael Alan Goff
  • The barn door isn't open, it's off the hinges and blowing down the road.

    This is some pretty serious medicine. Too bad there's no pulse.

    It must be fun chasing goblins this early before Halloween. I'll Pass.
  • Windows 8 Horrible OS

    Windows 8 is the buggiest yet. Makes you sincerely doubt Windows phone (has anyone bought one?) and wonder if we're all stuck with uber expensive Apple or if a third main stream (Google) option for OS will materialize?

    At least in mobile we have reliable BlackBerry
    Not so lucky for desktop
    • State facts

      Ok, so Windows 8 is buggy is it? I haven't had a single Windows 8 crash or error. Start naming the areas you feel it is buggy then.

      Vague statements are generally made by vague people.
  • 28 patched!!!

    now 28 billion more and windows will be secure!!!

    oh, wait, it won't
  • Non-intrusive my ass!! Got 27 updates...

    ..on my wife's Win7 PC this morning.

    Got to number 19 and it did a BSOD. Quality.

    After a reboot it still had the renmaining 9 to do.

    This has been going on for over one and half hours now... Sheesh.

    While I can't fault M$ for providing the fixes/updates the process is far from "non-intrusive" or "seamless".

    I think I'll stick with Linux.
    Lord Minty
    • Frustrating, isn't it.

      Mint is able to eliminate Windows. The only reason it's not more popular at work is management relies on IT guys recommending Microsoft for their own self-preservation.

      But on the bright side, executives are getting more computer literate and things may change. Getting Mint in to the office environment is really simple and streamlined.

      Administrative assistants have no issues with the included LibreOffice. It's free and automatically supported with the system updates.
      • Mint doesn't eliminate Windows for everyone ...

        The reality is for us is that as long as the majority of the financially oriented vertical market software that we must use is Windows based - or as bad, EXCEL based, it doesn't take a crystal ball to see a Windows-based future for our company.

        And no amount of decision making, or yearning for the greener grass on the other side, will change that. At least not for the foreseeable future.

        Nor was Linux exactly "worry -free" when we experimented with it as an option for non-mainstream workstations and economical SANs. We found unexpectedly that the BIOS implementation in the systems we had standardized - Panasonic laptops - suddenly wasn't supported correctly after an update, and were literally left high and dry with respect to a workaround other than simply accepting that much of the functionality of the laptop was going to be lost. (Which highlights the worst case scenario with Linux, which is an effective lack of support when things don't work as expected.)

        Which is not to say that an all Windows installation is always a walk in the park either. They both have their place.

        But for us, Linux just isn't an option, because as long as even one of the interfaces for the apps we use is Excel based, the rest is set in stone as well.
        • Why businesses invest in new technology

          a) In order to become more competitive; or
          b) In order to reduce known costs.

          Don't be surprised, if some of your competitors decide to benefit from a) and/or b).

          It is funny (*) but the primary reason many enterprises continue to use Windows is because all their peers do so. Until this changes, it is safe that nobody else benefits from a) and b)..... but you never know who will start first.

          (*) There was a joke around the lines of "Nobody got fired for buying IBM" that dealt precisely with an situation "if I feel bad, why not convince everyone to join me" -- but I am not very confident in my abilities to translate it properly in English.
        • I write in Excel VBA

 I can see where you're coming from.


          There are far better, infinitely more robust - think: cross-platform - solutions that don't depend on vendor-lockdown and one application for everything.

          I'm currently migrating my applications to a SQLite3 / Python / LibreOffice Calc / multi-platform solution that will work on all three main OSes as well as tablets and smartphones.
          I hit the wall with Excel a long time ago... hate the inconsistent behaviour, lack of data management transportability and the crashes... ugh. Over it, thanks.