Researchers also noted that while Microsoft did not patch the Duqu-exploited bug, it did fix a different flaw in the TrueType font parsing engine, the component targeted by the Trojan's attacks. MS11-084 fixes a single vulnerability in the Windows kernel-mode driver Win32k.sys that can be exploited through a malformed TrueType font file. "We're seeing a pattern of kernel-level bugs and parsing of font files," said Storms. "And they're going to have to come back and patch this again for Duqu."
Microsoft patched the TrueType engine within Win32k.sys just last month, fixing a flaw that let hackers conduct denial-of-service attacks to cripple Windows PCs. Today's bug was also categorized as a denial-of-service flaw. In lieu of a fix, Microsoft last week told customers that they could defend their systems by blocking access to t2embed.dll, the dynamic link library that handles embedded TrueType fonts.
An advisory offered command-prompt strings IT administrators can use to deny access to t2embed.dll, and links to one of Microsoft's "Fix-it" tools that automate the process of blocking or unblocking access to the library. Blocking t2embed.dll, however, has side effects: Applications, including Web browsers, applications in Microsoft's Office suite and Adobe's Reader, may not render text properly.
Microsoft also updated that advisory today with a link to a list of its antivirus partners that have issued signatures to detect the kernel-based Duqu attacks.
November's security patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.