Last updated on: October 27, 2022
The coming November Patch Tuesday will be a light release, as expected. There will be four bulletins, with one of them critical, although only affecting Vista, Windows 7 and 2008 Server R2. Interestingly the majority of bulletins only apply to these newer versions of Windows, and XP and 2003 users are only affected by bulletin three, which is rated important.
We do not expect a patch for the recent 0-day used by the DuQu dropper that initially at least used Word as an exploit carrier. However Microsoft has released an advisory that goes into further detail and states that vulnerability is connected to embedded TrueType fonts and can be triggered both through documents and web browsing. The advisory also provides a workaround: it disables the rendering of embedded of TrueType fonts and so neutralizes the exploit. We recommend applying the workaround, but organizations should explore the impact that the diminished rendering capacity will have on normal document processing and web browsing.
Overall, this is a Patch Tuesday that will give a break to many IT administrators, but will put them on standby for the 0-day fix.