Cheetah-Fast Update: Duqu kernel flaw workaround released by Microsoft on Fri Nov 04, 2011 3:38 pm
DragonMaster Jay
Site Owner

Duqu was a zero-day exploit and awaited a bugfix by Microsoft. This malware installed itself by using a Word document with the malcode embedded; once executed, it distributes the Duqu code onto the machine.
Some researchers speculate a relation to Stuxnet, but all the details cannot be verified. Its main relation is using stolen certificates to sign drivers, inserted with arbitrary code.
Symantec states this installer is downloaded from status updates. The main research lab investigating, which first discovered it, would be CrySyS Lab.
Microsoft has released an official workaround.
The automatic fix (occasionally buggy, depending on system configuration) is to use the FixIt Tool titled "Microsoft Security Advisory: Vulnerability in TrueType font parsing could allow elevation of privileges". This can also be obtained in the recent critical update released in Microsoft Update.
To apply the workaround manually, users of 32-bit systems can enter the following at an elevated command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
For 64-bit systems, users should enter both of these at an elevated command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
Echo y| cacls "%windir%\syswow64\t2embed.dll" /E /P everyone:N
..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

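The cacls lines in the post apply the workaround but give no way to confirm it took effect or to back it out later. The PowerShell script below is an added example, not part of the original post and not Microsoft's FixIt; it applies, verifies, or removes the same Everyone-deny ACE on t2embed.dll, picking the 32-bit or both 64-bit paths automatically. The -Mode parameter name and the script structure are this example's own; it assumes an elevated PowerShell session and that it is saved as a .ps1 file.

```powershell
# Added example (not from the original post): manage the t2embed.dll
# "Everyone: deny" workaround on 32- and 64-bit Windows.
# Usage (elevated): .\t2embed-workaround.ps1 -Mode Apply | Verify | Remove
param(
    [ValidateSet('Apply', 'Verify', 'Remove')]
    [string]$Mode = 'Verify'   # parameter name is this example's own
)

# Same files the cacls commands in the post target.
$paths = @("$env:windir\system32\t2embed.dll")
if ([Environment]::Is64BitOperatingSystem) {
    $paths += "$env:windir\syswow64\t2embed.dll"
}

# Well-known SID for Everyone, so the check does not depend on the display language.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
# Explicit deny of FullControl is what "everyone:N" in cacls amounts to.
$denyRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $everyone, 'FullControl', 'Deny')

foreach ($p in $paths) {
    if (-not (Test-Path -Path $p)) { Write-Warning "Not found: $p"; continue }

    $acl = Get-Acl -Path $p
    # Find any existing deny ACE for Everyone on this file.
    $existingDeny = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyone
    }

    switch ($Mode) {
        'Apply' {
            if (-not $existingDeny) {
                $acl.AddAccessRule($denyRule)
                Set-Acl -Path $p -AclObject $acl
            }
            Write-Output "$p : deny ACE for Everyone applied"
        }
        'Remove' {
            if ($existingDeny) {
                $existingDeny | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
                Set-Acl -Path $p -AclObject $acl
            }
            Write-Output "$p : deny ACE for Everyone removed"
        }
        'Verify' {
            if ($existingDeny) { Write-Output "$p : workaround PRESENT" }
            else               { Write-Output "$p : workaround ABSENT" }
        }
    }
}
```

Run with -Mode Verify first to record the current state, then Apply, then Verify again; the Remove mode is there because the deny blocks every process from loading the font-embedding library, so applications that depend on embedded fonts stop rendering them until the ACE is taken off again after the real patch is installed.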