In addition, three vulnerabilities in Microsoft Office were repaired, and vulnerability management experts said patching administrators should deploy the updates as soon as possible. Every supported version of Microsoft Office is impacted, and attackers will likely attempt to create an exploit targeting the flaws, said Marc Maiffret, chief technology officer of BeyondTrust, in his analysis of the latest round of updates.
In addition Microsoft released an important-rated security update to Hyper-V that an attacker could use to cause a virtual machine to crash. The update impacts users of Hyper-V on Windows 8 and Windows Server 2012.
Microsoft also issued a security advisory, warning businesses about a vulnerability in how DirectAccess authenticates DirectAccess server connections to DirectAccess clients. The technology was designed to provide a secure connection to the corporate intranet. The flaw could be used during a man-in–the-middle attack to establish connections with a computer and sniff encrypted network traffic. The update impacts all supported versions of Windows. Microsoft said it was not aware of any active attacks targeting them.
PUBLISHED NOV. 12, 2013