Microsoft prepares for 14 bulletins, no indication of Duqu repair


Hillary O'Rourke, Contributor

Microsoft said it would release 14 security bulletins, addressing 20 vulnerabilities, three of which are rated “critical,” for its December 2011 Patch Tuesday. The company did not announce whether it would repair a zero-day vulnerability being exploited by the Duqu Trojan.

The software giant issued its advance notification today, preparing to tackle flaws affecting Microsoft Windows, Office, Internet Explorer, Microsoft Publisher and Windows Media Player. The security bulletins are slated to be released December 13.

Of the three critical bulletins, only one requires a restart while the remaining two may require a restart. All three affect Microsoft Windows and could allow remote code execution if left unpatched. Researchers have been awaiting a Windows kernel repair which would block Duqu from using the vulnerability to execute on sensitive systems. Engineers were still working on a patch in November.  

The remaining 11 security bulletins are rated “important.” Five of them require a restart while six may require a restart, Microsoft said.

The notification shows the majority of the important bulletins could allow remote code execution, one could enable disclosure of information and three, if left unpatched, could allow an elevation of privilege.

Along with the monthly advance notification, Microsoft also pointed out an update to its Microsoft Active Protections Program (MAPP). In a blog post, the company explained the update should provide customers with greater transparency, showing how MAPP partners use the information when Microsoft releases security advisories.

According to the post, Microsoft has developed a new process in which it lists, on a special web page, the MAPP partners who have confirmed that they released protection within 96 hours after the advisory release.

For its November Patch Tuesday, the software giant tackled four security bulletins in Microsoft Windows, only one of them rated “critical.” The company didn’t release any Duqu zero-day patches as expected but did issue a workaround the week before.

