Patch Tuesday: Fix for 'Duqu' zero-day not likely this month

Summary:Three of the bulletins carry "remote code execution" risk while the fourth exposes Windows users to denial-of-service attacks.

Microsoft has announced plans to ship fixes for at least four security holes in the Windows operating system as part of this month's Patch Tuesday batch.

Three of the bulletins carry "remote code execution" risk while the fourth exposes Windows users to denial-of-service attacks.

follow Ryan Naraine on twitter

The updates, which drop around 1:00PM Eastern on November 8, will affect all supported versions of Windows, including the newest Windows 7 and Windows Server 2008 R2.

Windows kernel 'zero-day' found in Duqu attack ]

Although Microsoft has confirmed a zero-day Windows kernel flaw was used in the mysterious Duqu malware attack, the company is not expected to ship a fix for this issue.

According to Symantec, the Duqu zero-day vulnerability was exploited via a rigged Word .doc and gave the hackers remote code execution once the file was opened.

Microsoft has not yet issued a security advisory to offer pre-patch mitigation guidance.  Microsoft has now issued a security advisory with a temporary fix-it migitation.

Topics: Software, Operating Systems, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.