Microsoft's final "Patch Tuesday" for 2011 addresses 20 bugs in several of its most popular programs and also fixes a flaw currently being exploited in the wild by the dangerous Duqu Trojan.
Of the 14 bulletins to be released Tuesday, seven tackle Windows flaws, five address problems in Microsoft Office and one relates to Windows Media Player. Microsoft labeled three of the Windows bulletins as "critical," meaning they could allow an attacker to gain unauthorized access and execute malicious code on an infected system.
(Msnbc.com is a joint venture of Microsoft and NBCUniversal.)
Software affected in the patch includes Windows XP, Windows Vista, Windows 7, Windows Servers 2008 and 2003, Microsoft PowerPoint and Microsoft Office 2010 and earlier versions for Windows and Mac.
Along with the regularly updated programs like Windows, Internet Explorer and Office, Microsoft is also rolling out a fix for the flaw currently being exploited by the Duqu Trojan.
Discovered in early September but not publicized until mid-October, Duqu drew concerns among the security community, which found it was built to harvest data from industrial control systems. Researchers believe the same authors that built the infamous Stuxnet worm also designed Duqu.
Also being patched is the hole exploited by the BEAST proof-of-concept hack, which cracked some of the encrypted communication protocols used in secure Web browsing.