Microsoft Patches IE 0-Day, TIFF Exploit Remains Open

The monthly edition of Patch Tuesday has finally hit, and has brought a whole stack of security-related goodies in tow.

The update, unceremoniously named MS13-088, fixes 10 vulnerabilities in all supported versions of Internet Explorer (IE 6, 7, 8, 9, 10 and 11). The second of the critical patches (MS13-089) tackles a flaw in the Microsoft Windows Graphics Device Interface (GDI) that creates a means to inject malware onto vulnerable systems after tricking a user into opening a document loaded with malicious code. As of now we know that every supported version of Windows is affected, and as always you should never open a file from a sender you don’t completely trust.

Wolfgang Kandek, CTO at cloud security firm Qualys, commented on this latest release.

“Overall, while it is only a medium-sized Patch Tuesday, pay special attention to the two 0-days and the Internet Explorer update. Browsers continue to be the favourite target for attackers, and Internet Explorer, with its leading market share, is one of the most visible and likely targets.”

For the uninformed, the TIFF exploit relies on a security hole that exists within graphics files, which can be automatically opened and processed from attachments in your email. For years these attacks have primarily taken place through .zip, .rar, and .exe files, and it’s because this format is so new that we expect Microsoft to take a couple of extra months to figure out a way to make it safe.
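While the TIFF flaw remains unpatched, a mail filter can flag attachments that carry TIFF data so they can be held for review. The following is an added example, not code from Microsoft or from the original article: it identifies TIFF content by its file header rather than its extension, and also looks inside ZIP-based containers such as .docx files. All function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# A TIFF file starts with a byte-order mark followed by the number 42:
# "II*\0" (little-endian) or "MM\0*" (big-endian).
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")

def is_tiff(data: bytes) -> bool:
    return data[:4] in TIFF_MAGICS

def find_tiff_in_attachment(name: str, data: bytes) -> list:
    """Return locations of TIFF content in one attachment.

    Checks the attachment itself and, if it is a ZIP container
    (which includes .docx/.xlsx/.pptx), every member inside it.
    """
    hits = []
    if is_tiff(data):
        hits.append(name)
    elif zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        if is_tiff(member.read(4)):
                            hits.append(f"{name}!{info.filename}")
        except (zipfile.BadZipFile, RuntimeError):
            # Corrupt or encrypted archive: cannot inspect, so flag it.
            hits.append(f"{name} (uninspectable archive)")
    return hits

def scan_message(raw: bytes) -> list:
    """Scan every attachment of a raw RFC 5322 message for TIFF content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits += find_tiff_in_attachment(part.get_filename() or "(unnamed)", payload)
    return hits

def build_sample() -> bytes:
    """Constructed sample: a .docx whose 'image1.jpg' is really a TIFF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.jpg", b"II*\x00" + b"\x00" * 16)
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.docx")
    msg.add_attachment("just text", filename="note.txt")
    return msg.as_bytes()
```

A hit only means the attachment contains TIFF data; it does not mean the file is malicious, so treat the result as a signal for quarantine or closer inspection.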

You can find a summary of the affected folders and files on Microsoft’s website.

Booby-trapped Word files and .TIFF extensions will be the least of your worries if you’re properly firewalled and protected from out-of-the-ordinary traffic through one of the dozens of available VPNs found here on our perusable providers list.