All Windows versions are vulnerable, and this new attack is no joke. Here's what you do:
Microsoft has issued a temporary fix for a critical Windows vulnerability that has already been exploited to install highly sophisticated malware that targeted manufacturers of industrial systems.
In an advisory issued late Thursday, Microsoft said the previously unknown flaw in the Win32k TrueType font-parsing engine affected every supported version of Windows, including Windows 7 and Windows Server 2008, which are the most secure to date. The critical vulnerability was recently exploited to spread Duqu, malware that some researchers say was derived from last year's Stuxnet worm that sabotaged Iran's uranium enrichment program.
You should be able to copy and paste the command into a command shell window.
On Windows XP and Windows Server 2003:
- For 32-bit systems, enter the following command at an administrative command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
- For 64-bit systems, enter the following commands at an administrative command prompt:
Echo y| cacls "%windir%\system32\t2embed.dll" /E /P everyone:N
Echo y| cacls "%windir%\syswow64\t2embed.dll" /E /P everyone:N
On Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2:
- For 32-bit systems, enter the following commands at an administrative command prompt:
Takeown.exe /f "%windir%\system32\t2embed.dll"
Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
- For 64-bit systems, enter the following commands at an administrative command prompt:
Takeown.exe /f "%windir%\system32\t2embed.dll"
Icacls.exe "%windir%\system32\t2embed.dll" /deny everyone:(F)
Takeown.exe /f "%windir%\syswow64\t2embed.dll"
Icacls.exe "%windir%\syswow64\t2embed.dll" /deny everyone:(F)
A patch is coming, but this will keep you protected until then.
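As an added example (not from the article, Microsoft's advisory, or any commenter), here is a PowerShell check that reports whether the Everyone deny entry is actually in place on each copy of t2embed.dll and who now owns the file. It assumes the file paths used in the commands above and an elevated PowerShell session on the machine being checked.

```powershell
# Added example: verify the t2embed.dll workaround by looking for a Deny ACE for Everyone.
# Everyone is identified by its well-known SID so the check does not depend on UI language.
$everyoneSid = 'S-1-1-0'

$paths = @("$env:windir\system32\t2embed.dll")
if (Test-Path "$env:windir\syswow64\t2embed.dll") {
    # The syswow64 copy exists only on 64-bit Windows.
    $paths += "$env:windir\syswow64\t2embed.dll"
}

foreach ($path in $paths) {
    try {
        # Reading the DACL needs READ_CONTROL; after the workaround that is only
        # guaranteed for the file's owner, so run this from an elevated prompt.
        $acl = Get-Acl -Path $path -ErrorAction Stop
    } catch {
        "{0}: could not read ACL ({1})" -f $path, $_.Exception.Message
        continue
    }

    # Resolve each ACE's account name to a SID and keep only Deny entries for Everyone.
    $denied = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $everyoneSid
    }

    if ($denied) {
        "{0}: workaround APPLIED (Everyone denied {1}); owner is {2}" -f `
            $path, ($denied.FileSystemRights -join ', '), $acl.Owner
    } else {
        "{0}: workaround NOT applied; owner is {1}" -f $path, $acl.Owner
    }
}
```

If a line reports "NOT applied" on a 64-bit system for the syswow64 copy only, the second pair of commands was skipped; the owner shown tells you whether Takeown.exe ran.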
I do that and (what I absolutely hate about Windows) get an error message: The current logged-on user does not have ownership privileges on the file or folder "C:\Windows\syswow64\t2embed.dll".
But I am and I do.
Weird. I'd think booting into Safe Mode (ugh) would let you do this.
Or "sudo takeown ...."
;-)
Thanks for posting this! I just emailed our IT guy just in case he hadn't seen it yet, and I guess I'll run those commands on my new Win7 computer tonight.
I've actually had a couple of emails at work that - on first glance - looked to be legitimately from a client. I know enough to take a close look at any attachment if I'm not specifically expecting something, but I can't guarantee that anyone else in the office does (and there are a couple I'm pretty sure don't).
I can't even get my box (win7pro 64bit sp1) to boot to safe mode!
Tried "Power Shell" and it failed too...
Thanks for the heads up BP!
The devil is in the details. I went to looky at the linky thing "Here's how you do it."
-found an important detail: "Impact of Workaround. Applications that rely on embedded font technology will fail to display properly.
How to undo the workaround."
so you might want to crib "how to undo the workaround" under "suggested actions / work arounds" and save it to a text file for easy reference after the patch comes out.
Just in case something goes wonky with your fonts.
Dirtcrashr, run your command prompt as administrator and you'll be able to do the takeown.
If you type cmd.exe at the Win7 "search programs and files" prompt, then instead of hitting enter, hit ctrl+shift+enter it will pop up the "are you sure you want to mess with this" admin prompt.
Way better explanation - Hokey Win7 sudo for dummies
I AM the Administrator of my domain... :-)
Thank-you Anonymous for: If you type cmd.exe at the Win7 "search programs and files" prompt, then instead of hitting enter, hit ctrl+shift+enter it will pop up the "are you sure you want to mess with this" admin prompt.
That worked!
I'm gonna have to remember the ctrl+shift+enter bit...