System administrators are in for a light Patch Tuesday this month as Microsoft released only four bulletins in its monthly security update.
The Microsoft Security Bulletin Summary for November 2011 addresses multiple vulnerabilities in Microsoft Windows. According to the notice, one of the bulletins is rated “critical”, two are rated “important”, and the remaining one is rated “moderate.”
The majority of the bulletins apply to newer versions of Windows and require a reboot. The critical bulletin only affects Windows Vista, Windows 7, and Windows 2008 Server R2.
This Patch Tuesday gave many IT administrators a break; however, the real question on everyone’s mind is the zero-day vulnerability related to DUQU. The vulnerability is exploited through a malicious Microsoft Word document. When the document is opened, a zero-day kernel vulnerability is taken advantage of to execute malicious code. Microsoft did not release a patch in this cycle but has already issued a temporary fix for the exploit in a security advisory. The advisory provides a workaround by disabling the rendering of embedded TrueType fonts.
Microsoft also raised concern about the exploitability of MS11-083, giving it an Exploitability Index of “2”. They gave several scenarios in which the vulnerability is exploited and eventually used to achieve remote code execution.
Users are advised to download and apply these patches as soon as possible. For more information regarding this month’s Patch Tuesday release, visit the Trend Micro security advisory page.