Microsoft (NASDAQ: MSFT) will be releasing four bulletins for November's Patch Tuesday next week. Only one of the bulletins has been rated as critical this time, and Microsoft has suggested that it is not likely that this particular patch will be used. The other three patches include two tagged as important and one tagged as moderate; all four of them will require a reboot after installation.

Microsoft has always prided itself for the improved security found in newer versions of the Windows operating system, such as Windows 7. Ironically, newer versions of Windows have attracted more patches than older versions this time around, which led Andrew Storms, director of security operations at nCircle Security, to comment to Computerworld that "this month looks upside down."

In addition, it is understood that a fix for a zero-day vulnerability exploited by the Duqu malware will not be released next week. However, the advisory comes with a "Fix it" update that serves as a temporary band-aid against Duqu by completely denying access to the affected dynamic link library (DLL) used by the vulnerable Win32k TrueType font parsing engine. Applications that rely on embedded font technology will fail to display properly after installing the update, cautioned Microsoft. The update will install on any Windows platform.

Much remains unknown about Duqu, though security researchers have previously noted an uncanny resemblance to Stuxnet, the malware widely believed to be created specifically to disrupt Iran's efforts to create a nuclear arsenal. For now, Microsoft says that it has also released detailed information to antivirus companies on how to incorporate detection of Duqu. This should result in the creation of new signatures to detect and block it "within hours."

For more on this story:
- check out this article at SC Magazine
- check out this article at Computerworld
- check out this article at CNET News

Related Articles:
New Duqu malware bears 'uncanny' resemblance to Stuxnet
Stuxnet malware leaves its mark in Iran