Last week Microsoft revealed there is a serious security vulnerability with the true type fond rendering code built into the Windows kernel. By simply visiting an infected website the Duqu worm can get administrative level privileges to your system, thereby installing viruses / worms on your system. Malformed MS Word documents can also be an entry vector for Duqu.
While a more permanent patch is expected to be available within the next month, Microsoft has implemented a “Fix it” workaround you can access via this url:
http://support.microsoft.com/kb/2639658
To enable the fix, scroll down and click the fix it button under “Enable”.
Please note: There is one drawback to this fix, once you enable it you will no longer be able to do a “Save As…” to PDF format from any Office app. You can restore this capability by disabling the Fix It by clicking the appropriate button under the “Disable” option in the above url.
I have successfully tested the fix enable / disable and was able to restore the ability to save as to PDF. For the time being I will be running with the fix enabled. If I need to export to PDF I can visit the site, disable the fix, and save to pdf, then re-enable. While disabled I would not be going to any websites.
This is a fairly serious issue that is already being exploited to infect machines. To protect yourself, along with your business and / or clients, you should consider using this fix until a permanent solution is provided by Microsoft.
Also note that this week’s “patch Tuesday” updates included some critical security fixes. If you do not have your box setup to automatically apply updates, you should go to Windows Update and get the latest patches.
A big thanks to Steve Gibson (@sggrc) and his Security Now podcast on the TWIT.TV network, where I heard about this. If you aren’t listening to the Security Now podcast, you should. I’ve long held it should be required listening for any IT Professional.
Arcane Code 