Microsoft released eight new security bulletins, with four rated critical and four important and two Zero Days in Internet Explorer.
The security update for Internet Explorer, MS13-080, addresses 10 separate vulnerabilities that affect all supported versions of the Web browser. Users should be aware because this update stems from two of the vulnerabilities that are Zero Day bugs already undergoing exploitation.
Security researchers have been watching the IE exploit since it first became public in mid-September.
The catch is now there is a patch released, attackers can reverse engineer and then they have an attack all lined up and ready to go because while Microsoft puts the patch out there, it does not mean everyone applies it. That makes those folks more susceptible to an attack.
There are two other security bulletins that follow the Internet Explorer security update.
MS13-081 addresses seven vulnerabilities in kernel-mode drivers affecting all versions of Windows except for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. Two of the flaws are for font-parsing and could enable an attacker to remotely execute malicious code if successfully exploited.
Microsoft has released 87 security bulletins so far this year. That puts them 17 ahead of last year’s pace.
However, the number of bulletins should also come from the perspective that Microsoft has stepped up the pace for addressing identified vulnerabilities, and it is patching a growing number of supported platforms and applications.