http://www.computerworld.com/s/article/9222530/Update_Microsoft_plans_20_patches_next_week_will_fix_Duqu_and_BEAST_bugs By Gregg Keizer Computerworld December 8, 2011 Microsoft today announced it will issue 14 security bulletins next week to patch 20 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player. Among the patches will be ones that plug the hole used by the Duqu intelligence-gathering Trojan, and fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug popularized three months ago by the BEAST, for "Browser Exploit Against SSL/TLS," hacking tool. "They're all over the map," said Andrew Storms, director of security operations at nCircle Security, describing the wide range of Microsoft products slated for patching. "It looks like a big cleanup, where they're trying to get as much as they can off their plate before the end of the year." Three of the 14 updates were tagged with Microsoft's "critical" label, the highest threat ranking in its four-step system, while the remaining 11 were marked "important," the second-highest rating. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Fri Dec 09 2011 - 01:15:56 PST
This archive was generated by hypermail 2.2.0 : Fri Dec 09 2011 - 01:17:26 PST