By Susan Bradley
Congratulations! We’ve made it to the last scheduled Patch Tuesday of 2011. And we had only 99 Microsoft security bulletins to deal with.
We’re ending the year updating Internet Explorer, patching for malicious fonts, and fixing Adobe Reader and Acrobat.
Because of our holiday publishing schedule, we won’t have a second Patch Watch this month. If any important updates appear, I’ll post information about them in the Windows Secrets Lounge. I also plan to post an update on Office 2010 SP1 — its needed hotfix was just posted.
MS11-087 (2639417)
An important patch for malicious fonts
The most critical update this month fixes the Duqu zero-day threat that Robert Vamosi discussed Dec. 1 in his In the Wild column. At the time, Robert felt it was best to wait for an update — and here it is! This kernel-mode vulnerability impacts all current versions of Windows.
(At this point, you should treat all unexpected Office attachments as suspect — attacks via Office are easier than those through browsers.)
► What to do: Install KB 2639417 (MS11-087) soon — there are reports of Duqu attacks in the wild.
MS11-092 (2648048)
Microsoft’s Windows Media Player needs updating
After years of patching, some things are obvious: open a malicious video, and your system will be owned by someone you don’t want to know. Given that your friends and family just love to send you links to the latest funny video, you’d be wise to make this update a priority.
In this vulnerability, a malicious Microsoft Digital Video Recording (.dvr-ms) file might be used in an attack. The threat impacts all consumer versions of Windows.