Still Unpatched IE Security Hole Raises Concern
October 08, 2013, 4:18 PM — As anticipated, the latest round of Microsoft’s Patch Tuesday monthly release of security fixes addresses a widely known Internet Explorer (IE) vulnerability already being exploited by malicious hackers.
Overall, for October’s bundle of software patches, Microsoft issued eight bulletins covering 26 vulnerabilities. Microsoft rated four of the bulletins as critical and the other four as important.–By Joab Jackson, IDG News Service
Microsoft Security Bulletin Summary for October 2013
An unpatched vulnerability in Microsoft’s Internet Explorer is raising great concern for users of all versions of the popular browser.
The exploit – called CVE-2013-3893 was announced by Microsoft on Sept 17th.
(Microsoft) released a temporary “Fix It” tool that customers can download and install to address the flaw, but no permanent patch has been released through Windows Update.
The vulnerability affects all versions of Internet Explorer and can be exploited to execute arbitrary code on computers when IE users visit a specially crafted Web page hosted on a malicious or compromised website.
Microsoft’s next batch of security updates is scheduled for Oct. 8, but it’s not clear if the company will issue a permanent patch for this particular vulnerability at that time.
Internet Explorer exploit release could trigger a surge in attacks
While Microsoft has yet to issue a permanent patch for a known exploit, the code could become widely available to cybercriminals after being integrated into an open-source testing tool.
CVE-2013-3893: Fix it workaround available