This is an unusual October Patch Tuesday release from Microsoft. Normally, we would see a number of urgent critical updates from Microsoft for severe, massively damaging exploits in either Adobe Flash Player or several less severe but still urgent issues in both of Microsoft’s browsers. This month is different. No Adobe Flash Player updates. I repeat, no Flash updates. And no urgent browser updates, either.
For this October Patch Tuesday, Microsoft Office has the highest, most serious rating with a publicly reported and already exploited vulnerability in the Word automation component. In addition, Microsoft has released a number of security advisories for Windows 10. The most serious (ADV170012) relates to "a security vulnerability [which] exists in certain Trusted Platform Module (TPM) chipsets.” With a relatively high CVSS score of 7.3, this firmware update requires some attention. You can also find a helpful infographic from Chris Goettl’s blog here.