Update: Microsoft plans 20 patches next week, will fix Duqu and BEAST bugs

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9222530/Update_Microsoft_plans_20_patches_next_week_will_fix_Duqu_and_BEAST_bugs

By Gregg Keizer
Computerworld
December 8, 2011

Microsoft today announced it will issue 14 security bulletins next week 
to patch 20 vulnerabilities in Windows, Internet Explorer (IE), Office, 
and Windows Media Player.

Among the patches will be ones that plug the hole used by the Duqu 
intelligence-gathering Trojan, and fix the SSL (secure socket layer) 3.0 
and TLS (transport layer security) 1.0 bug popularized three months ago 
by the BEAST, for "Browser Exploit Against SSL/TLS," hacking tool.

"They're all over the map," said Andrew Storms, director of security 
operations at nCircle Security, describing the wide range of Microsoft 
products slated for patching. "It looks like a big cleanup, where 
they're trying to get as much as they can off their plate before the end 
of the year."

Three of the 14 updates were tagged with Microsoft's "critical" label, 
the highest threat ranking in its four-step system, while the remaining 
11 were marked "important," the second-highest rating.

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn