Only one critical patch expected from Microsoft next week, as it releases a #Duqu workaround

News by Dan Raywood

Microsoft will release four bulletins in next week's Patch Tuesday.


Only one of the four bulletins will be rated critical; it patches a remote code execution flaw in Windows. One is rated ‘moderate’ and covers a denial-of-service flaw in Windows, while the remaining two cover remote code execution and elevation of privilege flaws in Windows.

Wolfgang Kandek, CTO at Qualys, said: “The coming November Patch Tuesday will be a light release as expected. There will be four bulletins, with one of them critical, although only affecting Vista, Windows 7 and 2008 Server R2. Interestingly, the majority of bulletins only apply to these newer versions of Windows, and XP and 2003 users are only affected by bulletin three, which is rated important.

“We do not expect a patch for the recent zero day used by the Duqu dropper that uses Microsoft Word as an exploit carrier. Overall, this is a Patch Tuesday that will give a break to many IT administrators.”

Paul Henry, forensics and security analyst at Lumension, said: “There may be a Black Friday this month, but there's also a happy Tuesday from Microsoft. Only one of the bulletins is critical; however, its exploitability rating is only a three and Microsoft suggests it is not likely this patch will be used.

“Of course, the real question on everyone's mind is Duqu. While many dispute the threat imposed by this bug, no one disputes the risk of the day zero vulnerability in Microsoft software that it takes advantage of. The vulnerability is exploited through a malicious Word document, so when the user opens the document, a zero-day kernel vulnerability is taken advantage of to execute malicious code.

“Microsoft did not issue a patch this cycle but an advisory will likely be released today or tomorrow with a link to a hotfix. This means that user intervention will be required, as a hotfix cannot be pushed out to the entire network.”

Microsoft has also released an advisory to provide customer guidance for the Windows kernel issue related to the Duqu malware.

Jerry Bryant, group manager of response communications at the Trustworthy Computing Group said that the advisory provides a workaround that can be applied to any Windows system. A Fix it has also been released that will allow one-click installation of the workaround.

He said: “To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products. This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their anti-virus software is up-to-date.

“Additionally, our engineering teams determined the root cause of this vulnerability and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month's bulletin release.”

He concluded by saying that the risk to customers remains low but, as the situation is subject to change, he encouraged users either to apply the workaround or to ensure that their anti-malware vendor has added new signatures based on the information Microsoft has provided.
