'Fix it' for Windows Kernel's Duqu 0-Day Vulnerability - Untrusted Certificate Store 'DigiCert Sdn. Bhd. ' to be Updated - Nov' 2011 Security Advisory 2639658 Released

Microsoft Security Response Center (MSRC) published details about the November security updates --on Tuesday, November 8, 2011, at approximately 10 AM Pacific Time, Microsoft will release 4 bulletins."Security Advisory 2639568 will provide customer guidance for the Windows kernel issue related to the Duqu malware, revealed Jerry Bryant, Group Manager, Response Communications, Trustworthy Computing Group.Bryant notes […]

Microsoft Security Response Center (MSRC) published details about the November security updates --on Tuesday, November 8, 2011, at approximately 10 AM Pacific Time, Microsoft will release 4 bulletins.

"Security Advisory 2639568 will provide customer guidance for the Windows kernel issue related to the Duqu malware, revealed Jerry Bryant, Group Manager, Response Communications, Trustworthy Computing Group.

Bryant notes "Security advisory provides a workaround that can be applied to any Windows system. To make it easy for customers to install, we have released a Fix it that will allow one-click installation of the workaround and an easy way for enterprises to deploy."

"When you run the Enable fix it solution, the workaround denies the system access to the T2embed.dll file," the company informs. Microsoft is also supplying Microsoft Fix it 50793 to disable the changes introduced by Microsoft Fix it 50792.

In a seperate post Bryant notes, "Microsoft will revoke trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia) in an update to be released through Windows Update."

"DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). There is no relationship between DigiCert Malaysia and DigiCert Inc., which is a member of the Windows Root Certificate Program," said Bryant.

He says "Microsoft was notified by Entrust, Inc, a certificate authority in the Microsoft Root program, that a Malaysian subordinate CA, DigiCert Sdn. Bhd issued 22 certificates with weak 512 bit keys." "Additionally, this subordinate CA has issued certificates without the appropriate usage extensions or revocation information. This is a violation of the Microsoft Root Program requirements (http://technet.microsoft.com/en-us/library/cc751157.aspx)."

"The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates," added Bryant.

In other, Microsoft security news, the company has decided to recall following four hotfixes that were part of the latest Cumulative Update for Excel 2007, released at the end of October 2011.

"KB 2596535 - You have a Word document that contains a text box and a picture. The text box overlays the picture. When you use a computer that has the 2007 Microsoft Office suite Service Pack 2 (SP2) installed to print the Word document in Office Word 2007, the document is printed incorrectly.

KB 2596538 - The Camera tool performs slowly in Microsoft Office Excel 2007 when you use a zoom setting other than 100 percent in a workbook. Additionally, Office Excel 2007 runs slowly when you open the workbook or move a shape in the workbook.

KB 2596539 - a fix for the issue generating the following error message 'The file 'FileName.xls' may have been changed by another user since you last saved it. In that case, what do you want to do?'"

KB 2596545 is also on the list, providing fixes for a range of issues, including problems that cause Excel 2007 to crash."