Microsoft has finally moved to deal with a zero-day exploit used on the internet to attack Internet Explorer. The company responded with an out-of-band patch reflecting the urgent nature of the threat.
According to the Microsoft Security Bulletin Advance Notification for October 2012, Microsoft has a total of seven new security bulletins slated for release.
Patch Seven is rated critical and addresses a flaw affecting ALL supported versions of Microsoft Word and Microsoft SQL Server (Escalation of Privilege vulnerability).
The first six bulletins are all rated important.
Three of them affect components of the Office family.
Bulletin two affects a Remote Code Execution vulnerability in Microsoft Works 9.
Bulletin three addresses InfoPath and SharePoint.
Bulletin four is an update patch affecting SharePoint Fast Search.
Bulletin five and six correct the local Elevation of Privilege vulnerabilities that might allow outsiders to gain administrative privileges whilst already present on the computer.
This patch Tuesday highlights a particularly alarming fact, that some of these vulnerabilities have been lurking in Windows and Office code since the year 2000, indicating these flaw in Microsoft code has been around for decades. This means that, according to Alex Horan, senior product manager, CORE Security, "When you look at the number of versions that are affected you quickly come to the determination that these vulnerabilities have existed for quite a long period of time and have potentially been abused without user knowledge throughout several generations of the software".
Bottom line - leave your Microsoft computers and servers turned on Tuesday night to receive the patch. The restart your computer.