Microsoft’s Patch Tuesdays have been full to the brim of remote code execution issues lately and here’s another one, which is already being exploited “in the wild,” but there won’t be a patch for it in the November slate of security updates. However, the company has already released a security advisory that includes workarounds, and noted that an attacker will have to persuade users to open an attachment or click a link in order for them to fall prey to the exploit. You can read more about it here:
http://www.gfi.com/blog/no-patch-forthcoming-for-tiff-handling-zero-day-vulnerability/