AppFabric Blog

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update. 

Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office.

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment.  If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document.  An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.

While we are actively working to develop a security update to address this issue, we encourage our customers concerned with the risk associated with this vulnerability, to deploy the following Fix it from the advisory:

RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.

The MMPC is constantly monitoring emerging threats that are impacting our customers the most.

​In the previous Microsoft Security Intelligence Report, SIRv14, we introduced a new metric to measure the infection rate for computers protected with real-time antimalware software (protected computers) in comparison to computers that were not protected with up-to-date security software (unprotected computers).  Using this new data, we wrote a feature story about the risks of running unprotected. Our customers told us that providing this data really helped measure the value of running real-time antimalware software. It clearly showed that security software can provide a significant contribution to a computer’s protection level. 

In the newly released Volume 15 of the Microsoft Security Intelligence Report (SIRv15), one of the key findings to surface relates to new insight on the Windows XP operating system as it inches toward end of support on April 8, 2014.

Today, Microsoft released volume 15 of the Microsoft Security Intelligence Report (SIRv15). The report analyzes malware, exploits and more based on data from more than a billion systems worldwide and some of the Internet’s busiest online services.