On November 12, 2013, Microsoft released its scheduled patch update for November 2013. This month's update covers vulnerabilities in Microsoft Windows, Internet Explorer, and Office. Eight security bulletins have been released to address these issues.
Customers are advised to install all applicable updates as soon as possible.
Microsoft Security Bulletin Summary for November 2013
On November 5, 2013, Microsoft released a security advisory for a zero day vulnerability in Microsoft Office.
A zero-day vulnerability in Microsoft Office has been discovered in the wild. This vulnerability has been used in limited targeted attacks. CVE-2013-3906 has been assigned to the vulnerability. There is no patch available from Microsoft at this time.
We advise customers to exercise caution when using the affected software. As a workaround, Microsoft has provided the Fix it solution on the advisory.
Microsoft Security Advisory (2896666)
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
ThreatCon Level 1
Low : Basic network posture
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.