Microsoft December Patch Tuesday to fix 20 flaws, including Duqu and BEAST
Microsoft revealed today that December’s Patch Tuesday will consist of 14 security bulletins that fix 20 vulnerabilities in the company’s Windows operating system, Internet Explorer browser, Office productivity suite, and Windows Media Player. Microsoft also plans on patching the Duqu and BEAST threats.
The two most important patches are the ones for Duqu, which has been plaguing victims as an intelligence-gathering Trojan, and a fix for BEAST, which stands for ‘Browser Exploit Against SSL/TLS’ hacking tool, as ComputerWorld reports.
As for Duqu, security experts believe it was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure like power plants, oil refineries, and pipelines. Microsoft disclosed its connection to the infection by disclosing how the virus is targeted to victims via emails containing tainted Microsoft Word documents. Once opened, the victim’s computer would be infected and the attacker would be able to take control of the machine and wreak havoc on the organization’s network.
Aside from these two security threats, Patch Tuesday will also offer three “critical” patches and eleven “important” patches. These patches involve counteracting against attackers who are able to remotely plant attack code on unpatched computers.
Patch Tuesday for December 2011 consists of 14 patches for 20 vulnerabilities and will be released around 1PM Eastern Time on December 13th.Further reading: Microsoft, Patch Tuesday, Security