Microsoft will tomorrow patch the zero-day kernel Word vulnerability exploited by the mysterious Duqu malware, more than a month after its existence was first made public.
In a pre-release draft covering the 13 December Patch Tuesday release that excluded helpful security bulletin numbers, Microsoft appears to have slipped in a fix for the elevation of privilege flaw (CVE-2011-3402) in Win32k TrueType font parsing engine hijacked by Duqu.
Microsoft responded within a week of the flaw becoming public in early November with a potentially inconvenient workaround that disabled some elements of TrueType, although Duqu itself was quickly detectible by security software from a range of vendors.
All versions of Windows from XP onwards will need to be patched for the flaw. In total, Microsoft will use the Christmas 2011 Patch Tuesday to fix 20 vulnerabilities across 14 updates, three of which have been marked ‘critical’.
Zero-day vulnerabilities with a hook into the Windows kernel are a rarity these days and Duqu’s use of it has attracted considerable comment, including speculation linking it to the Stuxnet malware that believed to have been created to disrupt Iran’s nuclear programme.
Separately, Adobe will next week patch a zero-day flaw of its own, the recently discovered issue in Reader X 10.1.1 (CVE-2011-2462) and earlier versions of Reader 9.4.6, an exploit for which is now circulating in the wild as part of targeted attacks, the company indicated.
Users of Reader X will have been protected against the full blast form this exploit by the software’s sandboxing feature.