Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update.
While we are in the process of finalizing the security update to address this issue, we encourage Internet Explorer customers concerned with this vulnerability to follow the following mitigations:
As a best practice, we always encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. We also encourage customers to exercise caution when visiting websites and avoid clicking suspicious links or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.
We will continue to monitor the threat landscape very closely and take appropriate action to help protect our customers.
Thank you,Dustin ChildsGroup Manager, Response CommunicationsTrustworthy Computing