13 Security Bulletins coming

Hooooooo-boy….

Microsoft just announced that it has 13 – count ‘em, a baker’s dozen – 13 Security Bulletins coming up on Tuesday.

They affect both Windows and Office.

Get yourself patched up right now, folks. Then make sure Automatic Updates is turned off, please. The PC you save may be your own…

Another Internet Explorer 0day

Microsoft has released Security Advisory 980088, which describes in sketchy terms another 0day vulnerability in Internet Explorer.

if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location. These versions include .. Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP … Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

Microsoft is playing it close to the chest (as it should). No known attacks as yet. Makes me wonder how Microsoft found out about it.

Microsoft’s workaround? Basically, disable ActiveX. Of course, you’re using a browser that doesn’t work with ActiveX, right? Such as Firefox or Chrome. Gad. There I go with that broken record again…