NEWS FROM THE LAB - Tuesday, December 13, 2011

Patch For the Zero-Day Vulnerability Used by Duqu Posted by Mikko @ 19:06 GMT

It's patch Tuesday and Microsoft has just issued a patch for the zero-day vulnerability that was used by the Duqu malware discovered in October.


To quote the bulletin:

What does the update do?
The update addresses the vulnerability by modifying the way that a Windows kernel mode driver handles TrueType font files.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed. It is assigned Common Vulnerability and Exposure number CVE-2011-3402.

When this security bulletin was issued, had Microsoft received any reports the vulnerability was being exploited?
Yes. Microsoft was aware of limited, targeted attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published.