
Forum Thread: 0-day vulnerability patches KB 972270 and KB982132 install over a...


This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
mtodorov 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Member 6th Nov, 2011 00:39
Ranking: 12
Posts: 166
User Since: 20th Mar, 2009
System Score: N/A
Location: HR
Last edited on 6th Nov, 2011 00:40

0-day vulnerability patches KB 972270 and KB982132 install over and over again ...

The symptom is the same whether clicking on yellow shield in bottom right system tray, installing with "Turn off" or from IE with Microsoft Update. PSI reports patched vulnerability, but only after all three installation methods, I don't know which one worked.

I've also read from Google quick search that some people had blue screen on patches install attempt.

Microsoft FixIt for the vulnerability MicrosoftFixit50793.msi just did not work in Croatian language: it said the Fixit had already been applied.

You know, these patches address Nov/03 0-day kernel win32k.sys vulnerability CVE-2011-3402.

Any idea, please.

Thanx
mt


--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><

Post "RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ..." has been selected as an answer.
ddmarshall RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Dedicated Contributor 6th Nov, 2011 02:42
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
I don't know why you are having to apply those two updates now; they are over a year old and refer to different vulnerabilities than the recent DuQu vulnerability.

The workaround Fixit is 50792. 50793 is to disable the workaround.
You can also apply the workaround manually by following the instructions in the Suggested Actions > Workarounds section of the security advisory http://technet.microsoft.com/en-us/security/adviso...

Note the impact of the workaround: "Impact of Workaround. Applications that rely on embedded font technology will fail to display properly."

Personally, I'm not applying the workaround. Antivirus is aware of the exploit and should block it.

--
This answer is provided “as-is.” You bear the risk of using it.
mtodorov RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Member 6th Nov, 2011 16:28
Score: 12
Posts: 166
User Since: 20th Mar 2009
System Score: N/A
Location: HR
I see. Yes, impact of the workaround is severe. However, relying on antivirus to stop a worm instead of patching the hole doesn't satisfy my idea of security appropriate for 0-day exploit.

Can this be exploited from font downloading that occurs on some web pages without user intervention? Then it would be sufficient to visit malicious website to infect oneself.

Thanx.
mt


--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><
ddmarshall RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Dedicated Contributor 6th Nov, 2011 18:36
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
It's not clear if the vulnerability can be exploited through Internet Explorer. Possibly protected mode would make it more difficult.
The current exploit is a Word Document. Symantec have published an analysis of how it works.
http://www.symantec.com/connect/w32-duqu_status-up...

--
This answer is provided “as-is.” You bear the risk of using it.
ddmarshall RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Dedicated Contributor 6th Nov, 2011 23:35
Score: 1208
Posts: 959
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Last edited on 7th Nov, 2011 14:43
Just noticed the seventh comment on this article: http://krebsonsecurity.com/2011/11/microsoft-issue...

The commenter had problems with Windows Update after running the Fix it. Unfortunately he doesn't mention which updates. It could be the same thing that happened to you. It looks as if the Fix it is making sure all the embedded font fixes are installed.

Update.
Another poster has confirmed that those two updates are offered for install repeatedly on XP SP3 after running the Fix it.

--
This answer is provided “as-is.” You bear the risk of using it.
mtodorov RE: 0-day vulnerability patches KB 972270 and KB982132 install over and over again ...
Member 7th Nov, 2011 19:51
Score: 12
Posts: 166
User Since: 20th Mar 2009
System Score: N/A
Location: HR
on 6th Nov, 2011 23:35, ddmarshall wrote:
Just noticed the seventh comment on this article: http://krebsonsecurity.com/2011/11/microsoft-issue...

The commenter had problems with Windows Update after running the Fix it. Unfortunately he doesn't mention which updates. It could be the same thing that happened to you. It looks as if the Fix it is making sure all the embedded font fixes are installed.

Update.
Another poster has confirmed that those two updates are offered for install repeatedly on XP SP3 after running the Fix it.


Thanks.


--
"If a task is worth doing, it is worth doing right. If it is not worth doing well, it is not worth doing." -- Dr. Jack Hyles
<><

This thread has been marked as locked.

