Some additional information about this month’s batch of Microsoft security patches has become available. First, one of the patches rated Critical, MS11-087, addresses the flaw in the TrueType kernel mode drivers that has been exploited by the DuQu malware. This bulletin also supersedes MS11-077, issued in October.
In my post on Tuesday, I noted that Microsoft was releasing 13 bulletins this month, rather than the 14 that were originally scheduled in the Security Bulletin Advanced Notification, issued last Thursday, and discussed in my preview post. According to an article at Ars Technica (which also contains more information on the patch for the DuQu vulnerability), the missing patch, for a browser exploit against SSL/TLS, was pulled by Microsoft because of compatibility problems with an SAP application.
It turns out the patch left out of this month’s batch is for BEAST, or “Browser Exploit Against SSL/TLS,” and it was scratched because of incompatibility with an SAP application
Microsoft says it is working with SAP and will issue a (possibly) modified patch once the issue is resolved.