|14th December 2011, 08:13||#1|
Microsoft squashes Duqu threat with Windows patch
A month after releasing a temporary workaround to block malware exploiting a Windows kernel vulnerability, Microsoft today issued a patch for all supported releases of Windows aimed at putting an end to attacks based on the Duqu worm.
Duqu, reminiscent of last year's Stuxnet threat, has reportedly been used in Europe, Iran, Sudan, and the United States. The attacks exploited a vulnerability in Windows' TrueType font engine, letting hackers gain access to the Windows kernel and run shell code, providing the ability to install programs, manipulate data, or create new accounts with full user rights. Last month, Microsoft issued a temporary workaround shutting off access to the dynamic link library that allows applications to display TrueType fonts, at the expense of displaying the fonts correctly.
Today's patch eliminates the need for a workaround, fixing the code in all supported versions of Windows XP, Windows Vista, Windows 7, and Windows Server 2003 and 2008. While not mentioning Duqu by name, Microsoft described it as a fix for a "Vulnerability in Windows Kernel-Mode Drivers" and said, "The vulnerability could allow remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files... The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically."
The patch came on Microsoft's regularly scheduled Patch Tuesday, which included 13 security bulletins addressing 19 vulnerabilities in Windows, Office, and Internet Explorer. Four patches, including the Windows kernel one, require a restart, while all others come with the possibility of a restart. Three, also including the kernel patch, are rated critical. One other critical patch addresses a flaw that could allow remote code execution if a user views a specially crafted webpage in Internet Explorer, with the patch including kill bits for four third-party ActiveX controls. The other critical patch targets a vulnerability in Windows Media Player and Media Center that could allow remote code execution if a user opens a specially crafted video file.
Microsoft originally planned to issue 14 bulletins, rather than 13, but one was delayed because it would have broken an application shipped by an unnamed "major third-party vendor." "We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate," Microsoft said. With today's bulletins marking the last Patch Tuesday of the year, Microsoft said it has issued 99 bulletins in 2011, with critical bulletins accounting for 32 percent, a lower number in percentage and absolute terms than in most previous years.
UPDATE: It turns out the patch left out of this month's batch is for BEAST, or "Browser Exploit Against SSL/TLS," and it was scratched because of incompatibility with an SAP application, Computerworld reports. We posted a story on BEAST a few months back.