Duqu vuln fix stars in bumper Patch Tuesday
Microsoft's Xmas gift to sysadmins: 14 security updates
Microsoft plans to deliver a festive hamper of 14 security updates next week, three of which are designed to tackle critical remote code execution flaws.
The critical updates plug serious holes in Windows XP, Vista, and (to a lesser extent) Windows 7. On the server side, both Windows 2003 and Windows 2008 are vulnerable, but only one vulnerability applicable is applicable to Windows 2008.
The final Patch Tuesday of 2011 is most notable for including a fix for the Windows vulnerability exploited by the Duqu (sibling of Stuxnet) worm. Five of the less severe yet "important" bulletins affect various versions of Office. The patch batch is also set to include security patches for Internet Explorer and Windows Media Player.
Although unveiling a fully laden hamper just before the holiday season is far from ideal, sysadmins can take heart from the fact that the percentage of Microsoft's patches addressing critical vulnerabilities has fallen from 70 per cent of security patches in 2006 to just 30 per cent this year, according to vulnerability management firm Lumension.
Microsoft's pre-alert notice is here. Additional commentary on the upcoming releases can be found from vulnerability scanning firm Qualys here. ®
Similar topics
Broader topics
Narrower topics
- Azure
- Bing
- BSoD
- Excel
- Internet Explorer
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- .NET
- Office 365
- Outlook
- Pluton
- SharePoint
- Skype
- SQL Server
- Visual Studio
- Visual Studio Code
- Windows
- Windows 10
- Windows 11
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows XP
- Xbox
- Xbox 360