Microsoft Fixit for Duqu 0 day exploit

[dvk01]

http://hijack-this.co.uk/2011/11/microsoft-fixit-for-dequ-0-day-exploit/

Temporary fixit & workaround for 0 day exploit relating to duqu malware

Fixit & unfixit here http://support.microsoft.com/kb/2639658

Advisory with manual “fixes” http://technet.microsoft.com/en-us/security/advisory/2639658

My considered advice is that you won’t need it and you should wait until Microsoft issue a full patch
So far all attacks have been directly targetted against specific companies or Government departments, That might change as the skiddies get hold of the exploit

Using the fixit might make some applications/ word docs or websites not display correctly ( or even at all ) if they use embedded True type fonts & they haven’t been set to gracefully fall back on standard system fonts

If we start to see general attacks, then I will update this & suggest using the fixit

An additional workaround to prevent Websites attacking you by using embedded fonts is to set Internet Explorer font downloads to prompt instead of allow . That way you at least get an alert if a font is being downloaded and you can make an educated opinion as to whether it is likely to be malicious
•Open Internet Explorer
•On the Tools menu, click Options and then click the Security tab.
•Select Custom and click Settings.
•Scroll to the Downloads section.
•Change the Font Download setting from Enable to Prompt