Microsoft Patch Tuesday November 2013

November 12, 2013 (today) is Microsoft Patch Tuesday. Microsoft announced that the release will contain eight security bulletins covering both the Windows operating system and Microsoft Office software.

In addition, it is reported to include a high-priority item for the current 0-day vulnerability in a graphics library that is used by Microsoft Office and older versions of Windows.

Security advisory KB2896666 describes the 0-day vulnerability as a weakness in the TIFF graphics format parser, with reports of attacks from the Middle East and South Asia. The observed attacks are delivered through Microsoft Word documents, and the vulnerability is present in Microsoft Office.

Microsoft has provided a Fix-It that turns off TIFF rendering in the affected graphics library, which should have no impact if you are not working with TIFF format files on a regular basis. TIFF is a format used frequently when scanning documents and in the publishing industry.

Microsoft's security toolkit EMET (Enhanced Mitigation Experience Toolkit) prevents the attack from executing, as it has in all of the recent 0-days in Internet Explorer as well.

The November patch includes 'critical' bulletins affecting the Internet Explorer web browser (IE) and Windows.

Five 'important' bulletins impact Office and Windows.

The focus is on applying the critical update for Internet Explorer, because the recent Microsoft SIR report points out on page 116 that, in 2013, the majority of attacks not delivered through email have been delivered through Internet Explorer.

All of the critical bulletins and one of the important bulletins result in remote code execution and should be prioritized higher. The rest of the important bulletins result in elevation of privilege or a denial-of-service condition.

If you are using Apple iOS or Linux, no update is necessary.

Bottom line: leave your computers and servers turned on tonight, and reboot your equipment tomorrow morning.