Microsoft will release eight bulletins for Patch Tuesday inNovember. Four of them will result in Remote Code Execution and three of thoseare rated as critical. In addition, there is one elevation of privilege, twoinformation disclosures and a denial of service all rated as Important. All the bulletins impact Microsoft Windowsitself or a component of Microsoft Office and one also impactingInternet Explorer.
In addition to the eight bulletins, Microsoft has warned of azero-day attack being actively exploited in the wild and directed against users ofMicrosoft Office. Microsoft has alreadyreleased a 'Fix-It' tool to help remediate this vulnerability but we willprobably have to wait until next month for a full patch. The issues centersaround how some components of Microsoft Office render TIFF files and can resultin remote code execution.
