Microsoft (NASDAQ: MSFT) has scheduled a total of 14 security bulletins for the final Patch Tuesday of 2011 next week, to resolve a total of 20 vulnerabilities. According to the advance notification released by the company, three bulletins are flagged as "critical" while the remaining 11 are classified "important."

In all, the security updates will address seven vulnerabilities in the Windows operating system, one in Internet Explorer, five in Microsoft Office and one in Windows Media Player. Many of the flaws impact legacy software such as IE6 and Windows XP; Windows 7 is affected by only one critical vulnerability. Regardless, it is highly recommended that the security updates be applied as soon as possible.

Of note would be how the update fixes a weakness in SSL and TLS 1.1 that was brought into the limelight by the release of a hacking tool called BEAST. According to Paul Henry, security and forensic analyst at Lumension, the update also addresses the vulnerability exploited by the Duqu Trojan. 

In an email, Henry observed that Microsoft has dramatically improved its software processes over recent years, resulting in a decline in the number of critical vulnerabilities from an average of 70 percent in 2006 to just 30 percent this year. The patch is scheduled to go live at around 10am PST on Tuesday.

For more:
- check out this article at Computerworld
- check out this article at PCWorld

Related Articles:
November Patch Tuesday sees just 4 bulletins, temporary Duqu fix
Patch Tuesday October to resolve flaws in multiple versions of IE, Windows
Free Duqu detector toolkit released by CrySyS