The Channel logo

News

By | John Leyden 9th December 2011 11:31

Duqu vuln fix stars in bumper Patch Tuesday

Microsoft's Xmas gift to sysadmins: 14 security updates

Microsoft plans to deliver a festive hamper of 14 security updates next week, three of which are designed to tackle critical remote code execution flaws.

The critical updates plug serious holes in Windows XP, Vista, and (to a lesser extent) Windows 7. On the server side, both Windows 2003 and Windows 2008 are vulnerable, but only one vulnerability applicable is applicable to Windows 2008.

The final Patch Tuesday of 2011 is most notable for including a fix for the Windows vulnerability exploited by the Duqu (sibling of Stuxnet) worm. Five of the less severe yet "important" bulletins affect various versions of Office. The patch batch is also set to include security patches for Internet Explorer and Windows Media Player.

Although unveiling a fully laden hamper just before the holiday season is far from ideal, sysadmins can take heart from the fact that the percentage of Microsoft's patches addressing critical vulnerabilities has fallen from 70 per cent of security patches in 2006 to just 30 per cent this year, according to vulnerability management firm Lumension.

Microsoft's pre-alert notice is here. Additional commentary on the upcoming releases can be found from vulnerability scanning firm Qualys here. ®

alert Send corrections

Opinion

Memristor_wafer

Chris Mellor

Execution warrant close to being signed for Fink's folly
Woman cuddles 'sly-looking' Fennec fox. Photo by Shutterstock
Cartoon of employee asking wky boss makes hium wear suspenders (while pincer through open trapdoor remains poised above his head) illustration by Cartoon resource for Shutterstock

Frank Jennings

It's not like my boss painstakingly nurtured the contacts, right?

Features

Girl and computer, photo via Shutterstock
Middle-class terror of engineering also part of problem
Nerd fail photo via Shutterstock
Shouting match
Single market vs. rest of the world