The Channel logo

News

By | John Leyden 9th December 2011 11:31

Duqu vuln fix stars in bumper Patch Tuesday

Microsoft's Xmas gift to sysadmins: 14 security updates

Microsoft plans to deliver a festive hamper of 14 security updates next week, three of which are designed to tackle critical remote code execution flaws.

The critical updates plug serious holes in Windows XP, Vista, and (to a lesser extent) Windows 7. On the server side, both Windows 2003 and Windows 2008 are vulnerable, but only one vulnerability applicable is applicable to Windows 2008.

The final Patch Tuesday of 2011 is most notable for including a fix for the Windows vulnerability exploited by the Duqu (sibling of Stuxnet) worm. Five of the less severe yet "important" bulletins affect various versions of Office. The patch batch is also set to include security patches for Internet Explorer and Windows Media Player.

Although unveiling a fully laden hamper just before the holiday season is far from ideal, sysadmins can take heart from the fact that the percentage of Microsoft's patches addressing critical vulnerabilities has fallen from 70 per cent of security patches in 2006 to just 30 per cent this year, according to vulnerability management firm Lumension.

Microsoft's pre-alert notice is here. Additional commentary on the upcoming releases can be found from vulnerability scanning firm Qualys here. ®

alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'