Microsoft is planning to patch 20 vulnerabilities in next week's Patch Tuesday security update release. Programs include Microsoft Windows, Office, Internet Explorer, Microsoft Publisher and Windows Media Player via 14 bulletins.
Out of the 14 bulletins, 3 are rated ‘critical,' because they address vulnerabilities capable of allowing remote code execution by hackers. The critical rated bulletins are for Windows. The remaining 11 bulletins are considered ‘important.'
Security experts revealed the update will come with a patch for the Duqu trojan virus, SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 flaws.
"The Microsoft holiday Patch Tuesday release will be substantial. We will get 14 bulletins for a total of 20 CVEs. Only one of the critical vulnerabilities applies to Windows 7. On the server side, both Windows 2003 and 2008 are vulnerable, but again the newer 2008 is better than 2003, with only one vulnerability applicable," said Wolfgang Kandek, CTO of Qualys, as reported by SC Magazine.
"Five of the ‘important' bulletins affect Office 2003, 2007 and 2010, including all office versions for Macintosh as well. One of the remaining bulletins addresses Internet Explorer 6 through 9; the remaining bulletins apply to all versions of Windows," he added.