Bumper Microsoft patch revisits old flaw
By Stewart Mitchell
Posted on 9 May 2012 at 08:50
Microsoft has released a bumper seven-patch security bulletin to address 23 flaws in its software.
The patches include three “critical” and four “important” fixes, and one (MS12-034) that the company said would readdress the Duqu vulnerability that was found to be in more of its products than previously thought.
According to the company, its previous fix for the Duqu exploit, in which the malware executed arbitrary code when a user opened a malicious Office document, addressed "an insufficient bounds check within the font parsing subsystem of win32k.sys".
Although it patched the initial Office problem five months ago, Microsoft said it had since discovered further related weaknesses in other products, which it claimed explained the size of the security update.
“In the time since we shipped MS11-087, we discovered that several Microsoft products contained a copy of win32k.sys’s font parsing code,” said Microsoft engineer Jonathan Ness in a company blog.
“Unfortunately, each copy of the code also contained the vulnerability addressed by MS11-087. The most troublesome copy was in gdiplus.dll.
“We know that several third-party applications – third-party browsers in particular – might use gdiplus.dll to parse and render custom fonts. Microsoft Office’s version of gdiplus, called ogl.dll, also contained a copy of the vulnerable code. Silverlight included a copy of the vulnerable code. And the Windows Journal viewer included a copy of the vulnerable code.”
The company said it had been working on a “Cloned Code Detection” system to identify instances of the vulnerable code in any shipping product, which was how it discovered the vulnerability ran across so many products.
Restarts
Was it my imagination or wasn't one of the things MS touted as an improvement in W7 a reduced need to reboot when patches were applied?
I can't remember whether there was an improvement when it was released but it seems that we now need to restart after EVERY patching session.
By qpw3141 on 9 May 2012
Restarts
Depends what is being patched. These are core system files which run pretty much everything you see on screen so a restart is a requirement as they are in use and therefore locked when you apply the patch. Other unlocked files can of course be patched without restarting and it is a lot better in this regard than Vista and XP were.
By mr_chips on 9 May 2012
@mr_chips
Yes, I know WHY they need restarts.
I was just commenting on the fact that a while back they claimed that they were going to dramatically reduce the number of occasions on which this would be necessary, and yet it seems to every time, now.
By qpw3141 on 9 May 2012
@qpw3141
If you know why they have to restart after patches then there is no issue then. It is probably because nearly all patches lately have been to system files that as mr Chips said will require restarts.
By curiousclive on 9 May 2012
Aren't you curious, Clive?
As to why MS said that they would reduce the number of occasions when a restart was needed and yet they seem to have completely failed to do so.
By qpw3141 on 9 May 2012
Just 7?
When I booted up Windows 7 yesterday evening, there were no fewer than 20 new updates waiting - for Windows and Office 2007. (And yes, the PC was fully up to date the day before.)
By halsteadk on 9 May 2012
bakerdave
I had terrible problems getting my Vista system to restart after the updates had been applied - finally started in Safe mode and restored to before update; it then restarted. Anyone else??
By BAKERDAVE on 10 May 2012
