Patch Tuesday Fixes 24 Holes

Tuesday, December 10, 2013 @ 07:12 PM gHale

Microsoft issued 11 Patch Tuesday advisories affecting 6 different product types. All supported versions of Windows, Office, SharePoint, Exchange, Lync and a mixed bag of developer tools are now on the mend.

Five of the advisories rate as critical, including one affecting Exchange and one affecting SharePoint and Lync, not to mention the critical patch for Internet Explorer. Microsoft has given three of them a critical rating with priority 1: MS13-096 (GDI+), MS13-097 (IE, all versions) and MS13-099 (Scripting Runtime).


MS13-099 is an interesting vulnerability because it is exploitable through VBA script and EMET countermeasures do not mitigate it.

This round of patching addresses the GDI+ issue publicly disclosed in early November in Security Advisory 2896666 and then blogged about by various researchers.

There is also a Kernel Driver patch (MS13-101), but this round of patching does not include a fix for the publicly disclosed Kernel Elevation of Privilege issue reported in Security Advisory 2914486.
