Microsoft Security Bulletin Advance Notification for December 2011

Discussion in 'other security issues & news' started by ronjor, Dec 8, 2011.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://technet.microsoft.com/en-us/security/bulletin/ms11-dec

    Note: See Executive Summaries.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Microsoft to fix Duqu kernel vulnerability and SSL/TLS exploits next Tuesday.

    http://www.winrumors.com/microsoft-...lnerability-and-ssltls-exploits-next-tuesday/
     
  3. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    There are side effects to using the fix it, plus I don't think most users would fall under the category of government targets to get infected by this malware anyway.

    I'd just wait for the patch, people have survived fine this long.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://technet.microsoft.com/en-us/security/bulletin/ms11-dec
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://blogs.technet.com/b/msrc/ar...r-bulletins-are-released.aspx?Redirected=true
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    https://blogs.technet.com/b/srd/archive/2011/12/13/more-information-on-ms11-087.aspx?Redirected=true
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,767
    Location:
    Outer space
    There is NO patch yet for the SSL 3.0/TLS 1.0 vulnerability:
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Good question.
    Anybody?
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    I would undo the fixit and follow with the complete security update.

    http://support.microsoft.com/kb/2639417
     
  12. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I agree. Sigh. But I inadvertently installed all updates yesterday on one machine without first undoing the fixit.
    So do you think it would now be advisable to uninstall the update, undo the fixit then reinstall the update?
    And which update was it that fixed it? :)
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    kb/2639417 as listed in your installed updates.
    If you successfully updated, I wouldn't uninstall/reinstall.
     
    Last edited: Dec 14, 2011
  14. wat0114

    wat0114 Guest

    @Page42,

    you could try the following:

    http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working

    ...and partway down there's a link to a "font embedding demo web page". If the Fixit you applied recently is removed, then you should see that page in True Type font.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Crap. I'm not seeing True Type font.
    I'm seeing what is supposed to be the vulnerable font.

    duqu workaround.jpg
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I enabled the workaround again, and passed the test.
    Wonder why the MS Update didn't fix it?
    duqu workaround II.jpg
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The update did fix the vulnerability. The fact that you see the custom font doesn't mean that the vulnerability wasn't fixed by the update. If you reapply the workaround after the update, then you will also be protected against future exploits against similar vulnerabilities.
     
  18. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Forgive me for saying so, but that doesn't make any sense to me.
    How do you know this to be the case, MrBrian?
     
  19. wat0114

    wat0114 Guest

    You are only supposed to see the second, different font with the workaround applied. With the workaround removed and the recent patch from yesterday applied, you will see the embedded truetype font as seen in the first image, but you are now protected against any attacks recently produced that exploit it. Hope this makes sense.
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Even without the workaround (but with the update from Tuesday) you should be protected from attacks against this specific vulnerability. If you apply the workaround, you are protected from attacks against this specific vulnerability, and also from attacks against other similar vulnerabilities that may be discovered in the future.
     
  21. wat0114

    wat0114 Guest

    Agreed! My explanation wasn't that clear, but that's more or less what I was trying to say, mostly that the Tuesday patch fixes the recent vulnerability :) Do you feel it's okay to also apply the fix for the tmembed.dll? There was mention it could break some potentially needed functionality.
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the bulletin:
    I'm not applying the workaround, but some might consider it if the tradeoffs are acceptable.
     
  23. wat0114

    wat0114 Guest

    Okay, I see. I don't plan on applying it either.
     
  24. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    I understand the explanations now.
    Thanks for your patience.
    I'm not clear on what the loss in functionality may be... and protection from future vulnerabilities of this nature does sound favorable.
    That said, I'll probably disable the MS Fixit workaround. :blink:

    By the way, was this all about the Internet Explorer browser, and none of the others?
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    An example of the functionality lost is demonstrated in post #16.
     