Mark_Lenovo
Corrine,
Welcome to the forum! Thank you both for sharing info on Duqu - great to have more security experts here in the community!
Best regards,
Mark
ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
www.twitter.com/lenovoforums
www.facebook.com/lenovo
Thanks, Bugbatter! I'm glad to see the Advisory was finally updated.
The change: "V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality."
Impact of Workaround.
- Applications that rely on embedded font technology will fail to display properly.
- After applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.
- Applications with functionality that relies on T2EMBED.DLL, such as generating PDF files, may fail to work as expected. For example, Microsoft Office software will fail to generate PDF files.
~~~~~~~~~~~~~
It was reported at one of the forums that running System File Checker with the Microsoft Fix it enabled results in it stopping at 16% and giving the message:
Cannot repair member file [l:22{11}]"t2embed.dll" of Microsoft-Windows-Font-Embedding
After disabling the Microsoft Fix it, System File Checker works again. That makes sense since the Fix it is taking ownership of t2embed.dll and then denying access to the dll: Takeown.exe /f "%windir%\system32\t2embed.dll" Icacls.exe "%windir%\system32\t2embed.dll" /deny *S-1-1-0
F)
