Microsoft has issued a security update to patch a kernel vulnerability exploited by the infamous Duqu malware.
The Microsoft Security Bulletin for december 2011 includes 13 bulletins addressing flaws in Windows, Office and Internet Explorer. Three are rated as 'critical' and 10 as 'important'.
On of the 'critical' fixes addresses a flaw in the Windows TrueType component which could allow an attacker to trigger a crash and remotely execute code using a specially crafted web page.
This technique is believed to have been used to spread the Duqu malware, which infected systems in North Africa and the Middle East and is believed to have been aimed at sabotaging industrial systems in Iran.
Microsoft issued a temporary fix for the flaw in early November, but the December fix provides a permanent solution, the firm said.
Other critical fixes in the update include kill bits to prevent attacks on ActiveX components which could allow remote code execution, and a fix for a remote code execution flaw in Windows Media Player.
The 10 'important' fixes address remote code execution and elevation of privilege flaws in Windows, Office and Internet Explorer.
Jim Waller, manager at McAfee Threat Intelligence Services, warned that administrators will be busy as they will also have to deal with security updates from Adobe.
"Microsoft has a larger Patch Tuesday this month, and Adobe will release patches for Reader and Acrobat 9 and 10x. There is zero-day coverage in the Microsoft and Adobe patches," he said.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago