Microsoft issues temporary 'fix-it' for Duqu zero-day

Page 2 of 2 FirstFirst 12

  1. NoN
    Posts : 4,166
    Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
       #10

    Corrine said:
    After enabling Microsoft Fix it 50792, there have been reports of Microsoft updates KB 972270 (MS10-001: Vulnerability in the Embedded OpenType Font Engine could allow remote code execution) and KB 982132 (MS10-076: Vulnerability in the Embedded OpenType Font Engine could allow remote code execution) being repeatedly re-offered.

    In the event you experience the same issue, after confirming in the update history that both updates are installed, I suggest that you enable the Fix it and then hide the updates when offered again.

    To hide the updates, select the first update and then right-click the update and click "Hide Update." Repeat for the second update.
    On Windows XP SP3 that's what is offered after applying the November 2011 Microsoft Fix it 50792 solution:

    Microsoft Security Bulletin MS09-029 - Critical : Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)

    Microsoft Security Bulletin MS10-001 - Critical : Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

    Microsoft Security Bulletin MS10-076 - Critical : Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)

    The first one (961371) look never been installed on my computer.
      My Computer


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
    Thread Starter
       #11

    One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

    Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
    If you undo the patch, it works again.
      My Computer


  3. NoN
    Posts : 4,166
    Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
       #12

    Borg 386 said:
    One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

    Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
    If you undo the patch, it works again.
    That's right on Windows 7...stuck at 16%.

    I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
      My Computer


  4. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #13

    Borg 386 said:
    One of the side effects of applying this patch is that if you run System File Checker, it will stop at a certain point.

    Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
    If you undo the patch, it works again.
    That makes sense since the Fix it is taking ownership of t2embed.dll and then denying access to the dll:

    Takeown.exe /f "%windir%\system32\t2embed.dll"
    Icacls.exe "%windir%\system32\t2embed.dll" /deny *S-1-1-0:(F)

    NoN said:
    I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
    As I replied to Hopalong X here, the choice is yours.
      My Computer


  5. NoN
    Posts : 4,166
    Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
       #14

    NoN said:
    I wonder if that patch is really needed after all, since it had been patched twice or three times already then will come soon a newer one.
    As I replied to Hopalong X here, the choice is yours.
    I've decided to disable that Fix-it tip, therefore enable access to the T2embed.dll...:)

    I see no point yet...i'll just have to be carefull when receiving attachment in mails and wait for the next MS Patch.
      My Computer


  6. Posts : 2,528
    Windows 10 Pro x64
       #15

    There's supposed to be a permanent (non-breaking) fix in December, so I am with you on this one. I don't just open attachments from anyone without scanning them first anyway, and this virus/exploit/whatever is already detected by every major A/V engine. Is the exploit bad? Yes. Are we already safe from it with safe computing practices? Yes. Nothing to see here, move along...
      My Computer


  7. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #16

    The Security Advisory was finally updated yesterday:

    The change: "V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality."
    Impact of Workaround.

    • Applications that rely on embedded font technology will fail to display properly.
    • After applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.
    • Applications with functionality that relies on T2EMBED.DLL, such as generating PDF files, may fail to work as expected. For example, Microsoft Office software will fail to generate PDF files.
      My Computer


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
    Thread Starter
       #17

    I've disabled mine, since it seemed to make the PC act a "bit off".
      My Computer


  9. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #18

    MS11-087 was issued to address Security Advisory 2639658. If you installed Microsoft Fix it 50792, disable the Fix it.

    Direct download link: Microsoft Fix it 50793


      My Computer


 
Page 2 of 2 FirstFirst 12

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:00.
Find Us