Microsoft's December Patch Tuesday should address Duqu worm
Microsoft has announced that it will release 14 bulletins, three of which are rated as critical by the company, as part of this month's upcoming Patch Tuesday on 13 December. These updates will address a total of 20 vulnerabilities across Windows, Office, Internet Explorer, Publisher and Windows Media Player.
The critical bulletins will close holes in Windows XP, Vista, Windows 7, Server 2003 and 2008 that could be exploited by an attacker to remotely inject code into a victim's system. These should include a fix for the Duqu bot which has spread by taking advantage of a vulnerability in the Windows kernel; Microsoft has been working on the Duqu security update since before November's Patch Tuesday, but it was not ready in time.
The remaining eleven bulletins are rated as important and fix remote code execution problems, as well as privilege escalation issues in Office 2003, 2007 and 2010; Office 2004, 2008 and 2011 for Mac; Publisher 2003 and 2007; and Internet Explorer. An updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) will be released at the same time.
See also:
- Microsoft Security Bulletin Advance Notification for December 2011,
- Microsoft releases Duqu bot workaround, a report from The H.
(crve)