Microsoft patches 'Sons of Duqu' flaws

Microsoft has patched a number of software flaws that could have led to information-stealing attacks by Duqu malware, according to security company Qualys.

One of the critical 'Patch Tuesday' bulletins, MS12-034, addressed multiple Microsoft products that were vulnerable to the Duqu data-stealing malware, Qualys chief technology officer Wolfgang Kandek said in a statement on Tuesday. The flaws had not been patched in Microsoft's December 2011 round of updates, which previously tackled Duqu, said Kandek.

"In December of 2011 Microsoft issued bulletin MS11-087, which patched a vulnerability in the TrueType Font handling in win32k.sys DLL that had actively been exploited by the Duqu malware," said Kandek. "After the fix was delivered, Microsoft's internal security team started an effort to identify further occurrences of the vulnerable code in Microsoft's other software packages and found multiple products that contained the flawed code."

Kandek said that MS12-034 provided the patches necessary to address these "Sons of Duqu vulnerabilities", along with nine other security fixes. Qualys pointed out that Duqu variants did not appear to be exploiting the MS12-034 flaws, which affected Microsoft operating systems including XP, Vista, and Windows 7.

Microsoft's May Patch Tuesday contained seven bulletins — three critical, and four important. The flaws in one of the critical bulletins, MS12-035, lie in the .NET framework, in relation to browsers running XAML Browser Applications (XBAPs). The vulnerabilities were reported by James Forshaw, principal security consultant at security company Context, last March.

"There is no evidence to suggest these vulnerabilities have been exploited, but they would allow an attacker to target an application, either via a remote interface or through code executing within a sandbox, in order to disclose information such as authentication details or to circumvent security measures to execute code under malicious control," Forshaw said in a statement.

Forshaw will give a presentation on exploiting the flaws at the Black Hat USA conference in July.

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
