Microsoft has released advanced notification for the November 2013 security updates that are scheduled to be released on November 12, 2013. Unfortunately, the recently reported zero-day flaw affecting multiple products will not see a fix included in next Tuesday's bundle.
Dustin Childs has taken to the Microsoft blog to describe why and give clarification on the issue. In the post HERE he explains that the fix for Security Advisory 2896666 could come at any time, which means it could release even before next Tuesday. Dustin suggests it will release when it's ready. However, the current Fix It solution is still the proposed deterrent at this point.
He goes on to clarify the specific products affected by the actively targeted vulnerability.
- Office 2003 and Office 2007 are vulnerable no matter what. Office 2010 is only vulnerable if installed on Windows XP or Windows Server 2003. Office 2013 is not affected at all.
- Windows Vista and Windows Server 2008 contain the component with the flaw, so the potential is there for those operating systems to be attacked.
- All supported versions of Lync are vulnerable.
He also states that the only active attack identified was against Office 2007 running on Windows XP.