Microsoft announced that it would be releasing four security updates next week for November’s Patch Tuesday. These four updates will address various vulnerabilities in Windows, however, the updates will not address the recent Duqu threat.
Of the four security updates, the first one is rated the most serious and addresses vulnerabilities that could allow an attacker to execute malicious code and commandeer the victim’s computer. The other two updates, rated as the second most severe, address the same vulnerabilities. The operating systems affected by this update are Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
Unfortunately, it looks like Microsoft will not be releasing a fix for the recently discovered Windows kernel bug that could allow the Duqu trojan to weak havoc on an infected computer. Security experts believe Duqu was developed by sophisticated hackers to help lay the groundwork for attacks on critical infrastructure like power plants, oil refineries, and pipelines.
Microsoft disclosed its connection to the infection by disclosing how the virus is targeted to victims via emails containing tainted Microsoft Word documents. Once opened, the victim’s computer would be infected and the attacker would be able to take control of the machine and wreak havoc on the organization’s network.
One could attribute this months lack of patches as Microsoft’s refocusing effort on working to fix this Duqu exploit. At least, lets hope so.
These four updates will be released around 1PM Eastern Time on November 8th.
UPDATE: Microsoft has issued a temporary fix for the Duqu trojan.Further reading: Microsoft, Patch Tuesday, Security