The company says that one of the IE patches wasn’t fixed this week
Microsoft has revised the page of one of its Patch Tuesday updates to state that an Internet Explorer vulnerability supposed to be repaired in this month’s patch cycle wasn’t really fixed.The Internet Explorer Memory Corruption Vulnerability, listed as CVE-2013-3871, is said to be a security hole affecting basically all versions of Internet Explorer, with the exception of 11, the one that’s currently available as the default browser on Windows 8.1 and as an optional download on Windows 7.
An attacker who successfully exploits this glitch can execute arbitrary code on a vulnerable system, with the flaw being rated by Microsoft as “critical.”
Redmond claims that the vulnerability will be in fact fixed in a future update and users do not need to take any action to further protect their computers.
More details on the bug will be released in the coming weeks, as Microsoft is still working on a fully-working patch to block any potential exploits.
Update: Microsoft told us that the glitch was actually fixed as part of the November 2013 Patch Tuesday and the CVE was "originally included in the October cycle as a result of a documentation error."