It appears you have not yet registered with our community. To register please click here...

Go Back [M] > Madshrimps > WebNews
Microsoft squashes Duqu threat with Windows patch Microsoft squashes Duqu threat with Windows patch
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Microsoft squashes Duqu threat with Windows patch
Thread Tools
Old 14th December 2011, 08:13   #1
[M] Reviewer
Stefan Mileschin's Avatar
Join Date: May 2010
Location: Romania
Posts: 94,356
Stefan Mileschin Freshly Registered
Default Microsoft squashes Duqu threat with Windows patch

A month after releasing a temporary workaround to block malware exploiting a Windows kernel vulnerability, Microsoft today issued a patch for all supported releases of Windows aimed at putting an end to attacks based on the Duqu worm.

Duqu, reminiscent of last year's Stuxnet threat, has reportedly been used in Europe, Iran, Sudan, and the United States. The attacks exploited a vulnerability in Windows' TrueType font engine, letting hackers gain access to the Windows kernel and run shell code, providing the ability to install programs, manipulate data, or create new accounts with full user rights. Last month, Microsoft issued a temporary workaround shutting off access to the dynamic link library that allows applications to display TrueType fonts, at the expense of displaying the fonts correctly.

Today's patch eliminates the need for a workaround, fixing the code in all supported versions of Windows XP, Windows Vista, Windows 7, and Windows Server 2003 and 2008. While not mentioning Duqu by name, Microsoft described it as a fix for a "Vulnerability in Windows Kernel-Mode Drivers" and said, "The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files... The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically."

The patch came on Microsoft's regularly scheduled Patch Tuesday, which included 13 security bulletins addressing 19 vulnerabilities in Windows, Office, and Internet Explorer. Four patches, including the Windows kernel one, require a restart, while all others come with the possibility of a restart. Three, also including the kernel patch, are rated critical. One other critical patch addresses a flaw that could allow remote code execution if a user views a specially crafted webpage in Internet Explorer, with the patch including kill bits for four third-party ActiveX controls. The other critical patch targets a vulnerability in Windows media Player and Media Center that could allow remote code execution if a user opens a specially crafted video file.

Microsoft originally planned to issue 14 bulletins, rather than 13, but one was delayed because it would have broken an application shipped by an unnamed "major third-party vendor." "We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate," Microsoft said. With today's bulletins marking the last Patch Tuesday of the year, Microsoft said it has issued 99 bulletins in 2011, with critical bulletins account for 32 percent, a lower number in percentage and absolute terms than in most previous years.

UPDATE: It turns out the patch left out of this month's batch is for BEAST, or "Browser Exploit Against SSL/TLS," and it was scratched because of incompatibility with an SAP application, Computerworld reports. We posted a story on BEAST a few months back.
Stefan Mileschin is offline   Reply With Quote

Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft Issues Temporary Fix for Duqu Zero-Day Stefan Mileschin WebNews 0 7th November 2011 07:51
Microsoft to patch up 23 bugs with Tuesday updates Stefan Mileschin WebNews 0 7th October 2011 08:03
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch jmke WebNews 0 14th April 2009 19:47
Microsoft’s New Patch to Improve 3D Games Performance on Windows Vista Systems jmke WebNews 0 1st September 2007 16:49
A 'Critical' Patch Day For Microsoft Sidney WebNews 4 9th May 2007 15:59
Shuttle squashes Mini-PC jmke WebNews 0 9th June 2006 11:33
Microsoft sets company record with WMF patch jmke WebNews 0 8th January 2006 23:09
Microsoft to update final Windows 2000 patch Sidney WebNews 0 9th August 2005 01:22
Microsoft: Windows patch is flawed Sidney WebNews 0 31st March 2005 19:01
Patch for major graphics vulnerability issued by Microsoft jmke WebNews 1 15th September 2004 10:55

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT +1. The time now is 04:43.

Powered by vBulletin® - Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO