Retired Moderator Retired Malware Specialist
- Dec 14, 2002
Temporary fixit & workaround for the 0-day exploit relating to the Duqu malware
Fixit & unfixit here: http://support.microsoft.com/kb/2639658
Advisory with manual fixes: http://technet.microsoft.com/en-us/security/advisory/2639658
My considered advice is that you won't need it and you should wait until Microsoft issue a full patch.
So far all attacks have been directly targeted against specific companies or Government departments. That might change as the skiddies get hold of the exploit.
Using the fixit might make some applications, Word docs or websites not display correctly (or even at all) if they use embedded TrueType fonts & they haven't been set to gracefully fall back on standard system fonts.
If we start to see general attacks, then I will update this & suggest using the fixit.
An additional workaround to prevent websites attacking you by using embedded fonts is to set Internet Explorer font downloads to Prompt instead of Enable. That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious.
Open Internet Explorer.
On the Tools menu, click Options and then click the Security tab.
Select Custom and click Settings.
Scroll to the Downloads section.
Change the Font Download setting from Enable to Prompt.
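
The setting changed in the steps above can also be checked from PowerShell. This is an added example, not part of the original post: it reports the Font Download value for each Internet Explorer security zone. It assumes the setting is stored as registry value 1604 under the per-zone `Zones` keys (0 = Enable, 1 = Prompt, 3 = Disable) and, as a simplification, that a policy key overrides the user's own key.

```powershell
# Added example: audit the IE "Font Download" URL action for each security zone.
# Assumption: the value name is 1604; data 0 = Enable, 1 = Prompt, 3 = Disable.
$action  = '1604'
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$zones   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Checked in this order; the first key that holds the value is reported.
# Simplified precedence (assumption): machine policy, user policy, user setting.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$report = foreach ($zone in ($zones.Keys | Sort-Object)) {
    $found = $false
    foreach ($root in $roots) {
        $key  = Join-Path $root "$zone"
        $item = Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }      # key or value not present here

        $value = [int]$item.$action
        [pscustomobject]@{
            Zone    = $zones[$zone]
            Setting = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { "Unknown ($value)" }
            Silent  = ($value -eq 0)           # fonts download without any alert
            Source  = $root
        }
        $found = $true
        break
    }
    if (-not $found) {
        # No value found in any of the three keys for this zone.
        [pscustomobject]@{ Zone = $zones[$zone]; Setting = 'Not set'; Silent = $null; Source = '' }
    }
}

$report | Format-Table -AutoSize

# To apply the post's workaround for the Internet zone (zone 3) for the current user:
# Set-ItemProperty -Path "$($roots[2])\3" -Name $action -Value 1 -Type DWord
```

A row with `Silent` set to `True` is a zone where fonts are still downloaded without a prompt.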