It's Get Ready For Microsoft Patch Tuesday time again already, and this month's update will be the tenth anniversary of Microsoft's regular security bulletins.
As you will have read at the start of the month, October 2013 is also the tenth anniversary of Cybersecurity Awareness Month.
I suspect that's a coincidence, but it's worth a smile anyway.
So, please don't be discouraged this month, because the marquee update, Bulletin One, is almost certainly a formal fix for the Internet Explorer (IE) zero-day vulnerability that made the news half way through September.
That vulnerability, CVE-2013-3893, is being actively exploited in the wild by cybercrooks and Metasploit alike, so it's pretty much open for anyone to acquire, study, tweak and use.
Existing CVE-2013-3893 exploits don't work against all versions of IE, but they do work even when DEP (data execution prevention) and ASLR (address space layout randomisation) are in play, so you should assume that a really determined attacker could figure out an unlawful way into all versions of Windows running any version of IE, from IE 6 on XP to IE 11 on 8.1.
Read More
