Duqu, the so-called “son of Stuxnet” trojan, contains a dropper program that exploits the vulnerability, located in the Windows kernel, Microsoft revealed in early November. The software giant subsequently issued a workaround, and the issue now is corrected with bulletin MS11-087, rated “critical.”
“The most important patch this month is the TrueType font parsing issue, which is the zero-day vulnerability exploited as part of the Duqu targeted attacks,” said Joshua Talbot, security intelligence manager of Symantec Security Response. “The Duqu malware didn’t actually incorporate an exploit for this issue in its code, but the vulnerability was used by malicious email attachments to load Duqu onto targeted systems.”
Tuesday’s other high-priority patch is MS11-092, also rated critical, which remedies a vulnerability in Windows Media that could permit remote code execution. The third and final critical fix, MS11-090, involves an ActiveX issue.
The security update also included a patch — MS11-099 — for three Internet Explorer (IE) vulnerabilities. A cumulative patch for the popular web browser typically ranks higher on Microsoft’s deployment priority chart, but not this month.
“[N]one of the IE vulnerabilities are particularly high impact issues,” Talbot said. “They’re still important, but we suggest prioritizing quite a few of the other bulletins ahead of them.
Microsoft was scheduled to release 14 total patches, but decided to pull one.
“After [Thursday’s] announcement, we discovered an apps-compatibility issue between one bulletin candidate and a major third-party vendor,” Angela Gunn, a senior response communications manager for Microsoft Trustworthy Computing, wrote in a Tuesday blog post. “We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate.”
Attackers are not actively exploiting the vulnerability, Gunn said.