Microsoft addresses the following vulnerabilities in its October batch of patches:
This security update resolves ten reported vulnerabilities in Internet Explorer. A successful exploit may permit an attacker to execute a malware once user views a malicious webpage via Internet Explorer. Read more here.
This security update addresses a vulnerability in Microsoft Windows, which can lead to remote execution of malware once users open a specially crafted Windows Write file in WordPad. Read more here.
This security update resolves a reported vulnerability which may lead to remote malware execution if user visits a maliciously-crafted website. Read more here.
This security update resolves three reported vulnerabilities in Microsoft Office, which may allow remote execution of malware if a user opens a maliciously-crafted WordPerfect file in an affected version of Microsoft Office. Read more here.
This security update resolves a vulnerability in Microsoft Windows. It may lead to denial of service if the attacker passes a speciall-crafted function parameter in a hypercall from an existing running virtual machine to the hypervisor. Read more here.
This security update resolves a vulnerability in Microsoft Windows, which may allow information theft if an an attacker logs on to an affected system as a local user and runs a malware crafted to steal information. The attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. Read more here.
This security update resolves a vulnerability in Microsoft Outlook. It may result in information theft if a user opens or previews a malicious email using an affected version of Outlook. Read more here.
This security update resolves a vulnerability in Microsoft Windows that could result in denial of service when an affected web service processes a malicious certificate. Read more here.
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
MS Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | IDF Compatibility |
MS13-088 | CVE-2013-3871 | 1005705 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3908 | 1005784 | Internet Explorer Information Disclosure Vulnerability (CVE-2013-3908) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3910 | 1005778 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3910) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3911 | 1005781 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3911) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3912 | 1005782 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3912) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3914 | 1005774 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3914) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3915 | 1005775 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3915) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3916 | 1005777 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3916) | 12-Nov-13 | YES |
MS13-088 | CVE-2013-3917 | 1005773 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2013-3917) | 12-Nov-13 | YES |
MS13-089 | CVE-2013-3940 | 1005783 | Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) | 12-Nov-13 | YES |
MS13-090 | CVE-2013-3918 | 1005779 | Microsoft Internet Explorer ActiveX Control Code Execution Vulnerability (CVE-2013-3918) | 12-Nov-13 | YES |
MS13-090 | CVE-2013-3918 | 1005785 | Restrict Information Card Signin Helper ActiveX Control | 12-Nov-13 | YES |
MS13-091 | CVE-2013-1324 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |
MS13-091 | CVE-2013-1325 | 1005780 | Microsoft Word WordPerfect Document Stack Buffer Overwrite Vulnerability | 12-Nov-13 | YES |