<<<
Tuesday, December 13, 2011
>>>
 
Patch For the Zero-Day Vulnerability Used by Duqu Posted by Mikko @ 19:06 GMT

It's patch Tuesday and Microsoft has just issued a patch for the zero-day vulnerability that was used by the Duqu malware discovered in October.

ms11-087

To quote the bulletin:

What does the update do?
The update addresses the vulnerability by modifying the way that a Windows kernel mode driver handles TrueType font files.

When this security bulletin was issued, had this vulnerability been publicly disclosed?
Yes. This vulnerability has been publicly disclosed. It is assigned Common Vulnerability and Exposure number CVE-2011-3402.

When this security bulletin was issued, had Microsoft received any reports the vulnerability was being exploited?
Yes. Microsoft was aware of limited, targeted attacks attempting to exploit the vulnerability. However, when the security bulletin was released, Microsoft had not seen any examples of proof of concept code published.






<<< Premium Rate SMS Trojans in Google's Android Market
|
Rumors of Facebook Timeline Troubles >>>