[IS&T Security-FYI] SFYI Newsletter, November 7, 2011

Mon Nov 7 14:13:13 EST 2011

In this issue:

1. EVENT: Laptop Tagging at IS&T on 11/9

2. Microsoft Security Updates for November 2011

3. Microsoft Issues Workaround for Duqu Malware

-------------------------------------------------------

1. EVENT: Laptop Tagging at IS&T on 11/9

-------------------------------------------------------

This Wednesday from 11:30 am to 1:00 pm, the IS&T Help Desk at E17 (40 Ames St)<http://whereis.mit.edu/?go=e17> is hosting laptop tagging and registration provided by the MIT Police Crime Prevention Unit.

STOP tags<http://www.stoptheft.com/site/index.php> are a theft deterrent device<http://ist.mit.edu/security/loss/deterrents> and can help to return stolen laptops or other mobile devices to their owner. A tag is affixed to the cover of your laptop (iPads, smart phones and hard drives can also be tagged) and your contact information as well as identifying information about the laptop is entered into a database.

The service requires a $10 fee, paid in cash, or using an MIT cost object code. Bring your laptop or item to be tagged.

Next upcoming opportunities<http://kb.mit.edu/confluence/x/e4CSAw> are posted in the Hermes knowledge base.

--------------------------------------------------------------

2. Microsoft Security Updates for November 2011

--------------------------------------------------------------

This Tuesday, November 8, Microsoft will release its monthly security patches to address four vulnerabilities in Windows. Just one of the flaws is rated critical. Microsoft does not appear to be issuing a fix for the kernel vulnerability that is being used to spread Duqu (see related story below).

Microsoft Advance Notification: < http://technet.microsoft.com/en-us/security/bulletin/ms11-nov >

----------------------------------------------------------------

3. Microsoft Issues Workaround for Duqu Malware

----------------------------------------------------------------

According to an article in ComputerWorld<http://www.computerworld.com/s/article/9221491/Microsoft_issues_workaround_for_Duqu_attack_while_it_prepares_a_patch> (www.computerworld.com), Microsoft has released a workaround as well as a quick fix to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software (malware).

Duqu is being watched by security researchers closely, as it could exploit a machine in kernel mode through an infected Word document. The document could be sent to a target via an email attachment; opening the document would launch the attack. Duqu is believed to have been created for targeted attacks against organizations.

Microsoft's workaround for this zero-day flaw involves a few lines of code that run at an administrative command prompt. Installing the workarounds may mean some applications that rely on embedded font technology may not display properly. The workaround is considered by some to be a bit sloppy<http://blogs.computerworld.com/19211/microsoft_sloppy_on_duqu_workaround>.

As an alternative, computer users can avoid the malware by not clicking on email attachments or opening them. It is best practice to treat all email attachments as dangerous, especially if the sender is unknown or if you were not expecting an attachment.

Also note that this quick fix is not a security update. Whether or not a patch for this vulnerability will be included in Tuesday's Security Updates for November is not yet known.

See the advisory and workaround here: < http://technet.microsoft.com/en-us/security/advisory/2639658 >

The quick fix can be found here: < http://support.microsoft.com/kb/2639658 >

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20111107/8bc00d12/attachment.htm