December Patch Tuesday Fixes Duqu Worm

Dennis Faas's picture

Microsoft has fixed a major vulnerability exploited by the nasty Duqu Worm with its most recent Patch Tuesday series of security updates, which started rolling out yesterday. The total number of patches fix 17 vulnerabilities in Windows. (Source:

Unfortunately, the company still hasn't issued a fix for a serious browser flaw ominously known as BEAST (Browser Exploit Against SSL/TLS). The BEAST exploit was  first discovered in September of this year and was responsible for cracking Paypal encrypted browser cookies. (Source:

Of the 17 vulnerabilities noted, Microsoft's December 2011 Patch Tuesday addresses ten bugs labeled "important" and three designated "critical" -- Microsoft's highest security threat level.

Duqu Worm Finally Gets Fix

The first critical patch, MS11-087, provides a fix for a vulnerability found in the TrueType font within the Windows kernel. It had been previously revealed that a hacker could potentially use this hole to take over control of a PC remotely.

It's also known that the hole had been used to infect some systems with the Duqu malware, which lets hackers gain access to a system so that they might install or remove programs, manipulate information, or create new accounts for themselves (while blocking access to legitimate users).

In November Microsoft provided users with a temporary workaround that prevented the flaw from being exploited, but this workaround also served to display some fonts within TrueType incorrectly. (Source:

Security company Qualys believes this new patch should help to address what it considers a very troubling flaw.

"Now that the patch is out, we can expect an exploit to be coded and become available in short time," Qualys said on its blog.

A second critical patch known as MS11-090 targets ActiveX Kill Bits, while the third, MS11-092 fills a hole known to exist in the Windows Media Player.

BEAST Exploit Remains Untamed

Not being fixed, unfortunately, is a browser exploit known as BEAST discovered in September that could be used to decrypt encrypted data and compromise sensitive information.

Microsoft said it originally planned to issue a fix for this issue but held back because of worries that the patch might negatively effect an important third-party application. (Source:

"We're currently working with that vendor to address the issue on their platform, after which we'll issue the bulletin as appropriate," Microsoft noted.

Rate this article: 
No votes yet