November brings zero-day fixes for most Windows machines plus the latest rendition of Internet Explorer for Windows 7.
Those who have dipped into the Windows 8.1 waters will also see a flood of nonsecurity updates.
The monthly Internet Explorer and Flash updates
This month’s cumulative IE update fixes 10 newly reported vulnerabilities. KB 2888505 is rated critical for Versions 6–11. The only version to get a pass is the new Internet Explorer 11 for Windows 7. This update also includes 17 nonsecurity fixes, as detailed in MS Support article 2888505.
I’ve said this many times before, but it needs repeating: you must keep IE updated, even if you typically use another browser. IE is more than a browser: it’s a key component of the Windows operating system.
Keeping Adobe Flash updated is almost as critical as keeping IE current. November’s release is Flash 11.9.900.152, as noted in Security bulletin APSB13-26.
What to do: Install KB 2888505 (MS13-088) immediately. Then head over to Adobe’s download site and pick up the latest Flash. (Before clicking “Install now,” uncheck those potentially unwanted free software offers.)
Zero-day attacks use TIFF vulnerability
A vulnerability in the Office TIFF codec is already being used by hackers. According to an MS Security Response Center post, most of the attacks have targeted PCs in the Middle East and South Asia. But a FireEye blog reports attacks in Pakistan and India, too.