Second on your list of priorities is MS13-089, which addresses a vulnerability in Windows Graphics Device Interface (GDI) that could allow a remote code execution in all versions of Windows. We have seen this type of issue before. In previous related GDI issues, the vulnerability was caused by improper parsing of TrueType fonts (TTF) in shared content. The vulnerability could be exploited if an attacker crafts a malicious file or website and convinces a user to download the file or open an attachment. The attacker would receive the same level of privilege as the running application that was using the GDI interface.
This November Patch Tuesday will be a busy one for IT, especially for the many organizations that use IE. Eight bulletins, three rated critical, were released by Microsoft. This slideshow features a rundown of the November updates, provided by Paul Henry, security and forensic expert at Lumension.