ID :IRCNE2011121345
Date: 2011-12-14
Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.
As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.
MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch is out, we can expect an exploit to be coded and become available in short time," security firm Qualys predicted in a blog post.
The second critical patch, MS11-090, is a cumulative security update of ActiveX Kill Bits, while the final critical update, MS11-092, fixes a flaw in Windows Media Player.
Meanwhile, the company has released 99 security bulletins this year, 32 percent of which were rated critical. That percentage is the lowest since the company began issuing monthly bulletins in 2004 and in absolute numbers it is the fewest since 2005, Microsoft said in a blog post.
- 4