It’s everybody’s favorite Tuesday again. No it’s not Taco Tuesday, it’s Patch Tuesday! The days may be getting shorter and it’s dark a whole lot earlier, but that doesn’t mean you should be lazy and put off patching up some security holes. Get patching!
True it’s a slow month for patches. Only four this time around and only one of those is critical. As usual with the critical patch though, it fixes a remote code weakness that would allow attacks to happen without you doing anything (or without you knowing). Just being connected to the internet leaves you open to attacks.
The weakness involves the TCP/IP stack in Windows. The good news is the attack would take a super long time to actually infect your computer with a super worm. By ‘super long’ I mean like five hours. The bad news is if the attacker wins your whole system is a goner.
Another patch fixes a Windows kernel level TrueType weakness. No, this is not the same weakness used by the Duqu Trojan. That hole allows a zero-day bug to install the Duqu malware. Microsoft hasn’t been able to shed any light on a patch for that one.
A temporary fix has been issued in a separate report for those of you anxiously awaiting a patch. It’s possible that if and when a permanent fix appears, Microsoft will release it before the next Patch Tuesday. That is of course if one appears before then. For now there’s still no patch in sight for Duqu and no timelines have been given.
For more info on the patches releases today check out Microsoft’s announcement here: Security Bulletin: Microsoft November Patch Tuesday.