Important! Please Do This Today. Microsoft Issues Fix for Duqu Zero Day True Type Vulnerability

 

A real quickie for you folks.

Microsoft has issued a fix to prevent exploitation of the True Type vulnerability which allows exploitation of the Win x32 true type font parsing engine (the Duqu Trojan/virus rootkit).

An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The fix is for x486 and x64 systems. It’s a “work around”, but it works and is strongly recommended until MS issues a “patch”.

Just so you know, the vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

Patch Tuesday is coming up, by the way. Four updates are expected this time.

 

The fix can be obtained here:  http://support.microsoft.com/kb/2639658

Important Update:

This temporary fix prevents sfc /scannow. It will abort at 28% (mine did). The "Disable" (see above) re-enables sfc /scannow.

Reply #1 Top

Okay I did it, and it was easy enough to do.

Question, what would have been the risk of waiting for Patch Tuesday?  

I don't ever open an attachment that comes in an email unless I'm expecting it.

Reply #2 Top

Done and done. Cheers, Doc!

Reply #3 Top

Quoting Philly0381, reply 1
Question, what would have been the risk of waiting for Patch Tuesday?
End of Philly0381's quote

How can I answer that?

Important enough for MS to have released it early.

Because they did, I notified.

Reply #4 Top

Thx, doc.  I installed it.  Doesn't look like a problem that would impact any of us techies, though, but thanks all the same.

 

Reply #5 Top

Question, what would have been the risk of waiting for Patch Tuesday?
End of quote

Just so you know, the vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.
End of quote

Zero, if you don't open unsolicited attachments. It was released early simply because most users don't think before clicking.

Reply #6 Top

People open email attachments?  Weird.

Reply #7 Top

Quoting kryo, reply 5
Question, what would have been the risk of waiting for Patch Tuesday?

Just so you know, the vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must open an attachment that is sent in an e-mail message.

Zero, if you don't open unsolicited attachments. It was released early simply because most users don't think before clicking.
End of kryo's quote

Might come in an attachment from someone you know/trust.... spear phishing. Unfortunately, no one is invulnerable.

Of course one shouldn't open an attachment from an unknown source, and should delete the email immediately.

Reply #8 Top

Quoting DrJBHL, reply 7

Might come in an attachment from someone you know/trust.... spear phishing. Unfortunately, no one is invulnerable.

Of course one shouldn't open an attachment from an unknown source, and should delete the email immediately.
End of DrJBHL's quote

I rather disagree.  Intelligence is the best armor there is.

Reply #9 Top

If someone you know, or a superior at work sends you an email with an attachment, why would you suspect anything? It would not be logical not to open the email and document. This fix prevents a Duqu-infected document from infecting your computer.

Reply #10 Top

Quoting DrJBHL, reply 9
If someone you know, or a superior at work sends you an email with an attachment, why would you suspect anything?
End of DrJBHL's quote

Because frankly, everyone I know and some of the folks I work with are not quite as tech savvy as me.  I would suspect something.  Just sayin'.  But still, good work for the heads up.  I certainly always prefer to be informed.  Thanks!

Reply #11 Top

I won't even open an attachment from my own mother. People who know me, know well enough to never send me any emails with attachments unless they tell me beforehand. Trust no one....... ever, that's the catch call I have lived by for many years and it has never failed me. :)

Reply #12 Top

Thanks for the heads up!

Reply #13 Top

Quoting DrJBHL, reply 9
If someone you know, or a superior at work sends you an email with an attachment, why would you suspect anything? It would not be logical not to open the email and document. This fix prevents a Duqu-infected document from infecting your computer.
End of DrJBHL's quote

Why would I suspect anything, you ask?

 

Because they sent me an attachment.

Reply #14 Top

Thanks Doc, you are the best.....