Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft issues temporary 'fix-it' for Duqu zero-day

10 Nov 2011   #11
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Quote   Quote: Originally Posted by Corrine View Post
After enabling Microsoft Fix it 50792, there have been reports of Microsoft updates KB 972270 (MS10-001: Vulnerability in the Embedded OpenType Font Engine could allow remote code execution) and KB 982132 (MS10-076: Vulnerability in the Embedded OpenType Font Engine could allow remote code execution) being repeatedly re-offered.

In the event you experience the same issue, after confirming in the update history that both updates are installed, I suggest that you enable the Fix it and then hide the updates when offered again.

To hide the updates, select the first update and then right-click the update and click "Hide Update." Repeat for the second update.
On Windows XP SP3 that's what is offered after applying the November 2011 Microsoft Fix it 50792 solution:

Microsoft Security Bulletin MS09-029 - Critical : Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)

Microsoft Security Bulletin MS10-001 - Critical : Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

Microsoft Security Bulletin MS10-076 - Critical : Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)

The first one (961371) look never been installed on my computer.

My System SpecsSystem Spec
.

10 Nov 2011   #12

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

Quote:
Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
If you undo the patch, it works again.
My System SpecsSystem Spec
11 Nov 2011   #13
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Quote   Quote: Originally Posted by Borg 386 View Post
One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

Quote:
Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
If you undo the patch, it works again.
That's right on Windows 7...stuck at 16%.

I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
My System SpecsSystem Spec
.


11 Nov 2011   #14

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by Borg 386 View Post
One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

Quote:
Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
If you undo the patch, it works again.
That makes sense since the Fix it is taking ownership of t2embed.dll and then denying access to the dll:

Takeown.exe /f "%windir%\system32\t2embed.dll"
Icacls.exe "%windir%\system32\t2embed.dll" /deny *S-1-1-0:(F)

Quote   Quote: Originally Posted by NoN View Post
I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
As I replied to Hopalong X here, the choice is yours.
My System SpecsSystem Spec
12 Nov 2011   #15
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Quote   Quote: Originally Posted by NoN View Post
I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
Quote:
As I replied to Hopalong X here, the choice is yours.
I've decided to disable that Fix-it tip, therefore enable access to the T2embed.dll...

I see no point yet...i'll just have to be carefull when receiving attachment in mails and wait for the next MS Patch.
My System SpecsSystem Spec
12 Nov 2011   #16

Windows Server 2008 R2
 
 

There's supposed to be a permanent (non-breaking) fix in December, so I am with you on this one. I don't just open attachments from anyone without scanning them first anyway, and this virus/exploit/whatever is already detected by every major A/V engine. Is the exploit bad? Yes. Are we already safe from it with safe computing practices? Yes. Nothing to see here, move along...
My System SpecsSystem Spec
12 Nov 2011   #17

Windows 7 & Windows Vista Ultimate
 
 

The Security Advisory was finally updated yesterday:

The change: "V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality."
Quote:
Impact of Workaround.
  • Applications that rely on embedded font technology will fail to display properly.
  • After applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.
  • Applications with functionality that relies on T2EMBED.DLL, such as generating PDF files, may fail to work as expected. For example, Microsoft Office software will fail to generate PDF files.
My System SpecsSystem Spec
15 Nov 2011   #18

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

I've disabled mine, since it seemed to make the PC act a "bit off".
My System SpecsSystem Spec
13 Dec 2011   #19

Windows 7 & Windows Vista Ultimate
 
 

MS11-087 was issued to address Security Advisory 2639658. If you installed Microsoft Fix it 50792, disable the Fix it.

Direct download link: Microsoft Fix it 50793


My System SpecsSystem Spec
Reply

 Microsoft issues temporary 'fix-it' for Duqu zero-day




Thread Tools



Similar help and support threads for2: Microsoft issues temporary 'fix-it' for Duqu zero-day
Thread Forum
Microsoft issues fix for IE flaw that could allow PC hijack Security News
Microsoft office issues 32 bit Microsoft Office
Windows kernel 'zero-day' found in Duqu attack Security News
Patch Tuesday: Fix for 'Duqu' zero-day not likely this month Security News
Solved Microsoft Security Essentials Issues System Security
Microsoft Outlook 2010 issues Browsers & Mail
Is microsoft still receiving feedback on issues? Drivers

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:46 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33