The Latest in IT Security

Microsoft announces workaround for the Duqu exploit

04
Nov
2011

Microsoft FixIt for Duqu vulnerabilityMicrosoft have posted security advisory 2639658 to address the recently disclosed Windows kernel vulnerability (CVE-2011-3402) exploited by the Duqu malware.

Microsoft has determined the flaw is in the processing of embedded True Type Fonts (TTFs). According to Microsoft:

“The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

That’s a pretty serious bug. In the terms security professionals usually use that means it has the ability for remote code execution (RCE) and elevation of privilege (EoP).

Microsoft is working diligently to provide a patch, but it is unlikely we will see it in this Tuesday’s update from the software giant. They are simply committing to providing a quality fix whether that is in an out-of-cycle update or in the December Patch Tuesday.

Microsoft has offered a FixIt download tool that will disable support for embedded TTFs to provide protection against the flaw.

The problem with that is it will prevent any applications that rely on embedded TTFs from rendering properly. This is a common practice in Microsoft Office documents, browsers and document viewers.

I expect Microsoft won’t waste too much time getting a fix out for this one, and the risk of being exploited through this bug is extremely low for most organizations.

As SophosLabs further analyzes this threat we will post updates here on Naked Security.

Leave a reply


Categories

TUESDAY, DECEMBER 10, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments