Microsoft released four security updates to fix four Windows vulnerabilities that mostly affect Windows Vista and Windows 7, the newest versions of the operating system, but did not include a fix for the zero-day vulnerability exploited by Duqu.
Of the four, only one update is rated "critical," which is Microsoft's most serious threat ranking.
Two updates are marked "important" and the last one is rated "moderate". As expected, Microsoft did not provide a patch for the Windows kernel vulnerability exploited by the Duqu Trojan campaign.
The most important update, MS 10-083, patches a bug present in Windows Vista, Windows 7 and also the TCP/IP stack of Server 2008 that regulates internet connectivity. An attacker can use this vulnerability to infect and hijack any unpatched PC, Microsoft stated.
Andrew Storms, director of security operations at nCircle Security, said, "This critical bug allows an attack via the network, and looks troublesome at first glance... But it doesn't look very easy to pull off, so in this case, it's not as big a concern as one would think," as reported by Computerworld.
On the unpatched Duqu-exploited bug, researchers noted that even though Microsoft did not patch it, the company did fix another flaw in a component targeted by the Trojan.