Microsoft set to deliver Patches for three Critical flaws, but no patch for Office Zero-day vulnerability

Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013.

The company plans to deliver eight security bulletins for Windows 8.1, three of them are rated critical and five are important. But there’s no relief in sight for a zero-day vulnerability (CVE-2013-3906) in how Office handles .TIFF graphics files.

The bulletins listed in Microsoft’s advanced notification as critical are for remote code execution vulnerabilities in Windows operating system and the remaining vulnerabilities listed as important are said to be remote code execution, elevation of privilege, information disclosure and denial of service flaws affecting Windows operating system, as well as Microsoft Office.

A malicious zero day attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought. Some new reports of the security researchers at Fire Eye and Symantec claim that malware groups are actively using the TIFF flaw to hack into computers.

The majority of the exploits detected by Microsoft, Fire Eye, and Symantec have occurred in the Middle East and Asia.

Microsoft also explains that the fix for Security Advisory 2896666 could come at any time, which means it could release even before next Tuesday. However, the current Fix It solution is still the proposed deterrent at this point.