12 Dec 2011

About 20 Windows patches will be released to fix bugs

The Duqu Trojan virus and the BEAST hacking tool may have to retool, as Microsoft announced they will release 20 patches for Windows, Internet Explorer, Office and Windows Media Player this week. This is good news for users looking for protection outside of their antivirus software.

Patches are expected to plug the hole used by Duqu and fix the SSL 3.0 and TLS used by BEAST, also known as Browser Exploit Against SSL/TLS. There of the 14 updates were tagged with "critical," which is the highest step in Microsoft's system. The remaining 11 were ranked as "important," the second-highest ranking. Marcus Carey, a security researcher, said the patch labeled as Bulletin 1, should be taken care of immediately.

"The main reason why I think this is the Duqu zero-day patch is that [Bulletin 1] requires a restart, which indicates it's a kernel-level bug that is being patched, and it affects all the same operating systems as in the [November] advisory," said Carey in an email to ComputerWorld.

SC Magazine said it is unclear if the patch will fix the Kernel vulnerability, which the news source said aids the spread of Duqu. With or without the patches, users should keep their antivirus software updated to help fight other rogue viruses.