IE 11 is not supported. For an optimal experience visit our site on another browser.

Microsoft Fixes 20 Bugs in Final 'Patch Tuesday' of 2011

UPDATED Wednesday Dec. 14 at 10:45 a.m. ET. See below for updated information.
/ Source: SecurityNewsDaily

Wednesday Dec. 14 at 10:45 a.m. ET. See below for updated information.

Microsoft's final "Patch Tuesday" for 2011 addresses 20 bugs in several of its most popular programs and also fixes a flaw currently being exploited in the wild by the dangerous Duqu Trojan.

Of the 14 bulletins to be released tomorrow (Dec. 13), seven tackle Windows flaws, five address problems in Microsoft Office and one relates to Windows Media Player. Microsoft labeled three of the Windows bulletins as "critical," meaning they could allow an attacker to gain unauthorized access and execute malicious code on an infected system.

Software affected in the patch includes Windows XP, Windows Vista, Windows 7, Windows Servers 2008 and 2003, Microsoft PowerPoint and Microsoft Office 2010 and earlier versions for Windows and Mac.

Along with the regularly updated programs like Windows, Internet Explorer and Office, Microsoft is also rolling out a fix for the flaw currently being exploited by the Duqu Trojan.

Discovered in early September but not publicized until mid-October, Duqu drew concerns among the security community, which found it was built to harvest data from industrial control systems. Researchers believe the same authors that built the infamous Stuxnet worm also designed Duqu.

Also being patched is the hole exploited by the BEAST proof-of-concept hack, which cracked some of the encrypted communication protocols used in secure Web browsing.

UPDATE: Microsoft pulled the BEAST patch from the updates at the last minute, according to ComputerWorld, because of compatibility issues related to software made by the German enterprise application developer SAP.

"The bulletin scheduled to address Security Advisory 2588513 was postponed due to a third-party application compatibility issue that will be addressed by the vendor, with whom we're working directly," ComputerWorld quoted Jerry Bryant of Microsoft's Trustworthy Computing team as having said in a statement.