Patch Tuesday is coming -- here's what Microsoft is NOT fixing
This week, November 12th to be precise, is that holiday we have come to call Patch Tuesday. It's the day when Microsoft rolls out fixes for bugs, both small and large, in its software, from Windows to Office and more. This month's releases are of particular interest,
November's update includes eight patches, three of which have been tagged as 'critical'. Microsoft even promises it "will host a webcast to address customer questions on the security bulletins on November 13, 2013, at 11:00 AM Pacific Time".
However, security researchers at Sophos point out a glaring hole in this month's security push. "The recent zero-day, which allows crooks to attack your computer using booby-trapped TIFF images, has created lot of confusion amongst users and administrators trying to work out which of their computers are at direct risk", states Paul Ducklin. The firm has inquired about a fix for this -- "the answer, I am sorry to have to tell you, is, no", Sophos claims.
Why has this flaw caused confusion? Well, because Microsoft has claimed the problem does not affect Windows XP, Windows 7 and Windows 8, but is a danger to Office versions ranging from 2003 to 2010. What happens when one of those suites is running on an "unaffected" operating system?
Microsoft has attempted to clear this up stating that Windows Server 2008 and Windows Vista are vulnerable regardless of software. Office 2003 and 2007 are a danger regardless of the OS they are running on. Finally, Office 2010 on XP is a problem as well.
As a stop-gap, the company has issued a Fix-it to help out users in the short-term.