December 10, 2016

Light Patch Tuesday Ahead With No Fix For Duqu TrueType Font Vulnerability

(LiveHacking.Com) – Microsoft has published its advance notification of the security bulletins that Microsoft is intending to release for November’s Patch Tuesday (November 8, 2011).

Microsoft will issue four bulletins: one for a ‘Critical’ remote code execution vulnerability, two ‘Important’ fixes for remote code execution and elevation of privilege flaws and a ‘Moderate’ denial-of-service vulnerability.

The ‘Critical’ bulletin affects Windows 7, Vista, Server 2008 and Server 2008 R2 but not XP and Server 2003. This probably means that the flaw is in newer functionality which isn’t included XP or Server 2003. In fact, only one of the four bulletins affects XP and Windows Server 2003. The other three are only found in Windows Vista or above.

Microsoft have already said that a fix for the Windows’ TrueType font parsing engine vulnerability, that is used by the Duqu malware, will not be ready for this month’s bulletin release:

Additionally, our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks