Microsoft on Tuesday released four security bulletins as part of its November update, closing the same number of holes and expectedly leaving out a permanent fix for the flaw linked to the Duqu trojan.
One of the patches is rated “critical,” Microsoft's highest bug-severity rating, while two others are deemed “important” and one is listed as “moderate.” All of the patches impact Windows and will require a reboot.
Still outstanding is a zero-day Windows kernel flaw, which Microsoft confirmed last week to be connected to Duqu, the so-called "son of Stuxnet" trojan. The software giant did, however, last week issue a temporary fix to block attacks attempting to exploit the vulnerability.
The one critical bug patched this month impacts the TCP/IP stack of Windows and could allow for the execution of remote code “if an attacker sends a continuous flow of specially crafted UDP (user datagram protocol) packets to a closed port on a target system,” Microsoft said in its bulletin summary. Though rated critical, Microsoft gave it the second-highest exploitability rating of 2, meaning that the exploit code is inconsistent.
Still, out of the four, this flaw should be patched with the highest urgency, Wolfgang Kandek, CTO at Qualys, said in a blog post Tuesday.
“Since this vulnerability does not require any user interaction or authentication, all Windows machines, workstations and servers that are on the internet can be freely attacked,” he wrote. “The mitigating element here is that the attack is complicated to execute…but otherwise this has all the required markings for a big worm.”
Meanwhile, other flaws affect Windows Mail and Windows Meeting Space, The former could allow for remote code execution, while the latter impacts Active Directory and could lead to elevation of privileges.
Further, the moderate-severity vulnerability impacts Windows kernel-mode drivers and could allow for a denial-of-service attack.