News

Duqu Flaw Looks To Go Unpatched in November's Light Patch Tuesday Release

Microsoft's Patch Tuesday is looking somewhat light for next week.

In an advance notice, Microsoft is projecting four Windows fixes to come. One is rated "critical" due to remote code execution implications. Two are deemed "important" because of remote code execution and elevation of privilege vulnerabilities. The last security bulletin in the bunch is expected to be a "moderate" fix to ward off denial of service attacks. This month's patch is expected to arrive on Nov. 8 at around 10:00 a.m. Pacific Time.

The critical item and one of the two important bulletins deal with fixing a remote code execution flaw in Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

The second important bulletin concerns an undisclosed elevation of privilege flaw found in every supported version of Windows client OS and Windows Server.

Finally, Microsoft plans to release a "moderate" item this month, a denial of service fix,  for Windows 7 and Windows Server 2008 R2.

Restarts will be required for all but important bulletin No. 2, Microsoft expects.

Many would like to see a fix for a zero-day exploit in the Windows kernel that attackers can use to infect targeted systems with the Duqu Trojan worm. While Microsoft has acknowledged that it is working on a fix, the company provided no information in its advance notice that this fix will make it into November's patch.

More information can be found in Microsoft's Security Bulletin Advance Notification.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Clarifies Project Cortex's Scope, IT Controls and Product Delivery in Q&A

    Microsoft recently offered a Q&A session on Project Cortex, its emerging "knowledge network" solution for Microsoft 365 users.

  • How To Use .CSV Files with PowerShell, Part 2

    In the second part of this series, Brien shows how to import a .CSV file into a PowerShell array, including two methods for zooming in on just the specific data you need and filtering out the rest.

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.