Microsoft patches 'Sons of Duqu' flaws

Microsoft has patched a number of software flaws that could have led to information-stealing attacks by Duqu malware, according to security company Qualys.

One of the critical 'Patch Tuesday' bulletins, MS12-034, addressed multiple Microsoft products that were vulnerable to the Duqu data-stealing malware, Qualys chief technology officer Wolfgang Kandek said in a statement on Tuesday. The flaws had not been patched in Microsoft's December 2011 round of updates, which previously tackled Duqu, said Kandek.

"In December of 2011 Microsoft issued bulletin MS11-087, which patched a vulnerability in the TrueType Font handling in win32k.sys DLL that had actively been exploited by the Duqu malware," said Kandek. "After the fix was delivered, Microsoft's internal security team started an effort to identify further occurrences of the vulnerable code in Microsoft's other software packages and found multiple products that contained the flawed code."

Kandek said that MS12-034 provided the patches necessary to address these "Sons of Duqu vulnerabilities", along with nine other security fixes. Qualys pointed out that Duqu variants did not appear to be exploiting the MS12-034 flaws, which affected Microsoft operating systems including XP, Vista, and Windows 7.

Microsoft's May Patch Tuesday contained seven bulletins — three critical, and four important. The flaws in one of the critical bulletins, MS12-035, lie in the .NET framework, in relation to browsers running XAML Browser Applications (XBAPs). The vulnerabilities were reported by James Forshaw, principal security consultant at security company Context, last March.

"There is no evidence to suggest these vulnerabilities have been exploited, but they would allow an attacker to target an application, either via a remote interface or through code executing within a sandbox, in order to disclose information such as authentication details or to circumvent security measures to execute code under malicious control," Forshaw said in a statement.

Forshaw will give a presentation on exploiting the flaws at the Black Hat USA conference in July.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
