Microsoft Security Bulletin Advance Notification for December 2011

Microsoft to fix Duqu kernel vulnerability and SSL/TLS exploits next Tuesday.

http://www.winrumors.com/microsoft-...lnerability-and-ssltls-exploits-next-tuesday/

 

Users should remember to apply Fixit 50793 (to undo workaround) before Tuesday if necessary? : http://support.microsoft.com/kb/2639658

 

There are side effects to using the fix it, plus I don't think most users would fall under the category of government targets to get infected by this malware anyway.

I'd just wait for the patch, people have survived fine this long.

 

There is NO patch yet for the SSL 3.0/TLS 1.0 vulnerability:

 

Delayed due to "SAP".

http://www.computerworld.com/s/arti...but_fixes_Duqu_bug?taxonomyId=17&pageNumber=1

 

Good question.
Anybody?

 

I agree. Sigh. But I inadvertently installed all updates yesterday on one machine without first undoing the fixit.
So do you think it would now be advisable to uninstall the update, undo the fixit then reinstall the update?
And which update was it that fixed it?

 

@Page42,

you could try the following:

-http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working

...and part ways down there's a link to a "font embedding demo web page". If the Fixit you applied recently is removed, then you should see that page in True Type font.

 

Crap. I'm not seeing True Type font.
I'm seeing what is supposed to be the vulnerable font.

 

I enabled the workaround again, and passed the test.
Wonder why the MS Update didn't fix it?

 

The update did fix the vulnerability. The fact that you see the custom font doesn't mean that the vulnerability wasn't fixed by the update. If you reapply the workaround after the update, then you will also be protected against future exploits against similar vulnerabilities.

 

Forgive me for saying so, but that doesn't make any sense to me.
How do you know this to be the case, MrBrian?

 

You are only supposed to see the second, different font with the workaround applied. With the workaround removed and the recent patch from yesterday applied, you will see the embedded truetype font as seen in the first image, but you are now protected against any attacks recently produced that exploit it. Hope this makes sense.

 

Even without the workaround (but with the update from Tuesday) you should be protected from attacks against this specific vulnerability. If you apply the workaround, you are protected from attacks against this specific vulnerability, and also from attacks against other similar vulnerabilities that may be discovered in the future.

 

Agreed! My explanation wasn't that clear, but that's more or less what I was trying to say, mostly that the Tuesday patch fixes the recent vulnerability Do you feel it's okay to also apply the fix for the tmembed.dll? There was mention it could break some potentially needed functionality.

 

From the bulletin:

I'm not applying the workaround, but some might consider it if the tradeoffs are acceptable.

 

Okay I see. I don't plan on applying it either.

 

I understand the explanations now.
Thanks for your patience.
I'm not clear on what the loss in functionality may be... and protection from future vulnerabilities of this nature does sound favorable.
That said, I'll probably disable the MS Fixit workaround.

By the way, was this all about Internet Explorer browser, and none of the others?

 

An example of the functionality lost is demonstrated in post #16.