Microsoft's November Patch Tuesday is out and addresses 19 vulnerabilities in Internet Explorer (IE) and other Windows software.
The IE zero-day exploit has been patched but a TIFF image-handling vulnerability has been left out again.
The patch named MS13-088 fixes 10 vulnerabilities found in the IE ranging from versions 6 to 11. The second critical update named MS13-089 addresses a flaw in the Microsoft Windows Graphics Device Interface.
The third critical patch is related to the IE ActiveX Control. The flaw was first disclosed by a security firm FireEye last week. The rest five bulletins address lesser important flaw in the Microsoft's software.
"Overall, while it is only a medium-sized Patch Tuesday, pay special attention to the two 0-days and the Internet Explorer update. Browsers continue to be the favorite target for attackers, and Internet Explorer, with its leading market share, is one of the most visible and likely targets," said Wolfgang Kandek, CTO at cloud security firm Qualys.
If you want to have a better understanding of what Microsoft has released, instead going through their documentation, you can head to graphical institute of SANS Institute's Internet Storm Centre.
It is critically important for Microsoft to update its patch for the vulnerability that affects Windows' rendering TIFF images too. The attack involves a malformed graphics image embedded in any Microsoft Word Document.
"We are actively looking into this issue and will take appropriate action to help protect customers," a Microsoft spokesperson said.