Microsoft Adjusts as Duqu Lingers

Friday, May 11, 2012 @ 11:05 AM gHale


Duqu is still causing issues with Microsoft as the software giant released seven bulletins to close 23 vulnerabilities on its May Patch Tuesday.

This latest update closes various holes in quite a few products because of a critical hole in the code for processing TrueType fonts exploited by the Duqu spyware last year. The company closed the hole in the Windows kernel in December, but then programmers used a code scanner to find the vulnerable code in numerous other components; among them is the gdiplus.dll library, which various browsers use to render web fonts.

RELATED STORIES
Microsoft Finds Apple Malware
Conficker Covers Other Infections
Conficker Still Going Strong
New Botnet Goes to Market

Some of the vulnerable files contained further holes that Microsoft also patched within the same bulletin – meaning this update fixes a number of other flaws in addition to the original vulnerability. It closes holes in all currently supported versions of Windows (from XP SP3 onwards, including Server), Office, the .NET framework and Silverlight. These “bonus” holes include three privilege escalation problems in the Windows kernel, including flaws in the code for processing keyboard layouts.

Another bulletin closes a critical hole in the code for processing RTL documents. It affects Office 2003, 2007 as well as Office Compatibility Packs SP2 and 3. The vulnerability has also been closed in Office for Mac 2008 and 2011. Bulletin MS12-035 addresses two critical holes in the .NET framework.

The remaining four bulletins fix holes that have the second highest threat rating, “important.” These vulnerabilities affect Office, Visio Viewer 2010, the Windows partition manager and the Windows firewall and TCP stack.



Leave a Reply

You must be logged in to post a comment.