Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.
The most serious of the updates is MS11-083, which could allow an attacker to take over a computer by sending a large number of malicious UDP packets to a closed port on a target system, the Patch Tuesday security bulletin said. It plugs a vulnerability in the TCP/IP stack in Windows 7, Vista, and Server 2008.
“Since this vulnerability does not require any user interaction or authentication, all Windows machines, workstations and servers that are on the Internet can be freely attacked,” Amol Sarwate of Qualys said. “The mitigating element here is that the attack is complicated to execute, and Microsoft has given it an Exploitability index of ‘2,’ meaning that the exploit code is inconsistent, but otherwise this has all the required markings for a big worm.”
Microsoft also fixed a vulnerability in Windows Mail and Meeting Space that could be exploited to trick the system into remotely running arbitrary code if a user opens a file located in the same network directory as a malicious dynamic link library (.DLL) file. Also patched were a vulnerability in Active Directory and one in Windows Kernel-Mode Drivers that could allow a denial of service if a user opens a malicious TrueType font file as an e-mail attachment or navigates to such a file on a network share.
Microsoft issued a temporary fix last week for the hole, also in the Win32k TrueType font-parsing engine, that Duqu exploits.