Microsoft has released advanced notification for its November bulletin which will be released on 8th of this month.
This month will see the release of four security updates, of which one is rated critical, two are important and one is moderate. As noted in the table below , Bulletin 1 and 2 patches vulnerabilities that enable Remote Code Execution, while Bulletin 3 is for an Elevation of Privileges bug and Bulletin 4 is for a Denial of Service bug.
Of the four security updates, only Bulletin 3 applies to Windows XP and Server 2003. Bulletins 1, 2 and 3 apply to Windows Vista and Windows Server 2008. Interestingly, newer Operating Systems, Windows 7 and Windows Server 2008 R2 requires all four updates.
While Microsoft acknowledged zero-day vulnerability in a Windows component the Win32k TrueType font parsing engine – they did not include an update for this in this month’s Security Bulletin. Instead, they have released a Fix It solution which can be used until an update is released.
The vulnerability, which was utilized by the Duqu worm, will allow a hacker to run arbitrary code in kernel mode, thus giving him the ability to install or run software or to view/edit data. The temporary workaround for this vulnerability is to disable access to T2EMBED.DLL. The Fix it solution released by Microsoft just automates this process.
In order to protect yourself from the zero-day attacks, make sure that you install the above mentioned updates as soon as they are released.
Stay up to date, stay safe.