There are two microsoft.com pages that relate to this situation. The problem is that the exploit happens against the kernel (in GDI, etc.) so there is not much to do about it in any applications.
The knowledge-base KB article is the most helpful in terms of mitigation. Any application that handles its own TrueType font handling by other than the Windows call that accomplish font handling and rendering need to look to see if they have any vulnerability in their parser. This also applies to any non-Windows support for TrueType fonts that run on the same architectures as Windows. There's not enough public information to know what to look for. I expect that there is cross-platform cooperation at the security-team levels on this one. Meanwhile, the only remedy at the moment is to apply the workarounds that apply to Windows. Here is what I can discern from the sketchy information: 1. The exploit requires a specially-crafted TrueType Font package. 2. The vulnerability is exploited when such a font is parsed as part of rendering of any presentation using the Windows internal support TrueType fonts. 3. There is a fix available at the knowledge base article. It *appears* in my non-expert reading to prevent use of the intrinsic support for embedded fonts, since this a potentially-appealing avenue of attack via specially-crafted documents. Fixes to close that door, and to reopen it later, are available at the KB article. I suspect that the workaround has no impact on LO and OO.o operability, although I guess the thing to do is turn on the workaround and see for sure. I'm going to do that as soon as I do some system backups first. - Dennis E. Hamilton tools for document interoperability, <http://nfoWorks.org/> dennis.hamil...@acm.org gsm: +1-206-779-9430 @orcmid -----Original Message----- From: Bob Williams [mailto:li...@barrowhillfarm.org.uk] Sent: Saturday, November 05, 2011 10:25 To: users@global.libreoffice.org Subject: Re: [libreoffice-users] MS font exploit On 04/11/11 22:54, Tom Davies wrote: > Hi :( > > Bad news from MS again. > http://technet.microsoft.com/en-us/security/advisory/2639658 > http://support.microsoft.com/kb/2639658 > > > > http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit > I'm not sure what they mean by "Unfortunately, no robust workarounds exist > at this time other than following best practices, such as avoiding documents > from unknown parties and utilizing alternative software.". Alternative to > what? Is it just MS Office or would this affect LO too (since it goes > through fonts?)? > > The common sense methods for avoiding it have limited use as we have to > sometimes read documents from sources we are not completely confident about. > It's ok for a few days. > Regards from > Tom :) > APPLIES TO Windows 7 Service Pack 1, when used with: Windows 7 Enterprise Windows 7 Professional Windows 7 Ultimate Windows 7 Home Premium Windows 7 Home Basic Windows 7 Enterprise Windows 7 Professional Windows 7 Ultimate Windows 7 Home Premium Windows 7 Home Basic Windows Server 2008 R2 Service Pack 1, when used with: Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Datacenter Windows Server 2008 R2 Standard Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Datacenter Windows Server 2008 Service Pack 2, when used with: Windows Server 2008 for Itanium-Based Systems Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Standard Windows Web Server 2008 Windows Vista Service Pack 2, when used with: Windows Vista Business Windows Vista Enterprise Windows Vista Home Basic Windows Vista Home Premium Windows Vista Starter Windows Vista Ultimate Windows Vista Enterprise 64-bit Edition Windows Vista Home Basic 64-bit Edition Windows Vista Home Premium 64-bit Edition Windows Vista Ultimate 64-bit Edition Windows Vista Business 64-bit Edition Microsoft Windows Server 2003 Service Pack 2, when used with: Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Web Edition Microsoft Windows Server 2003, Datacenter x64 Edition Microsoft Windows Server 2003, Enterprise x64 Edition Microsoft Windows Server 2003, Standard x64 Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems Microsoft Windows XP Service Pack 3, when used with: Microsoft Windows XP Home Edition Microsoft Windows XP Professional Whew! Yet another reason to run linux. :) -- Bob Williams System: Linux 2.6.37.6-0.7-desktop Distro: openSUSE 11.4 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 9" Uptime: 06:00am up 6 days 10:59, 3 users, load average: 0.04, 0.04, 0.29 -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
