Microsoft plans on shipping four bulletins, of which only one is rated critical, in the November edition of Patch Tuesday. But it looks doubtful that the company will issue a fix for the vulnerability discovered this week being used by the Duqu installer.
The patch is set for release on Tuesday, November 8. In addition to the one critical vulnerability mentioned above, there will be two fixes receiving important severity ratings and one with a moderate rating.
Unpatched machines will be susceptible to remote code execution, elevation of privileges, and denial of service conditions.
The affected software for all of the bugs is Microsoft Windows.
It has been reported, and verified by Microsoft for that matter, that the widely publicized Duqu malware contains a Windows zero-day. It remains unknown whether or not Microsoft will address that problem with this month’s patch. Ryan Naraine of ZDNet claims Microsoft is not expected to do so.
As always, Microsoft will host a webcast to address customer questions and concerns just after the bulletins are released.