Microsoft patches 'Sons of Duqu' flaws

Microsoft has patched a number of software flaws that could have led to information-stealing attacks by Duqu malware, according to security company Qualys.One of the critical 'Patch Tuesday' bulletins, MS12-034, addressed multiple Microsoft products that were vulnerable to the Duqu data-stealing malware, Qualys chief technology officer Wolfgang Kandek said in a statement on Tuesday.

Microsoft has patched a number of software flaws that could have led to information-stealing attacks by Duqu malware, according to security company Qualys.

One of the critical 'Patch Tuesday' bulletins, MS12-034, addressed multiple Microsoft products that were vulnerable to the Duqu data-stealing malware, Qualys chief technology officer Wolfgang Kandek said in a statement on Tuesday. The flaws had not been patched in Microsoft's December 2011 round of updates, which previously tackled Duqu, said Kandek.

"In December of 2011 Microsoft issued bulletin MS11-087, which patched a vulnerability in the TrueType Font handling in win32k.sys DLL that had actively been exploited by the Duqu malware," said Kandek. "After the fix was delivered, Microsoft's internal security team started an effort to identify further occurrences of the vulnerable code in Microsoft's other software packages and found multiple products that contained the flawed code."

Kandek said that MS12-034 gave the patches necessary to address theses "Sons of Duqu vulnerabilities", along with nine other security fixes. Qualys pointed out that Duqu variants did not appear to be exploiting the MS12-034 flaws, which affected Microsoft operating systems including XP, Vista, and Windows 7.

Microsoft's May Patch Tuesday contained seven bulletins — three critical, and four important. The flaws in one of the critical bulletins, MS12-035, lie in the .NET framework, in relation to browsers running XAML Browser Applications (XBAPs). The vulnerabilities were reported by James Forshaw, principal security consultant at security company Context, last March.

"There is no evidence to suggest these vulnerabilities have been exploited, but they would allow an attacker to target an application, either via a remote interface or through code executing within a sandbox, in order to disclose information such as authentication details or to circumvent security measures to execute code under malicious control," Forshaw said in a statement.

Forshaw will give a presentation on exploiting the flaws at the Black Hat USA conference in July.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All