In the months it spent in the wild, Duqu infections were reported across Europe and the United States. The vulnerability it exploited (a flaw in the kernel-mode TrueType font parser, patched in bulletin MS11-087) was particularly troublesome because it lets an attacker run arbitrary code with full administrative privileges on an infected computer: from there the attacker can install and execute software, carry out administrative tasks such as creating accounts, and read or alter user data.
The Patch Tuesday delivery contained 13 updates for various flaws. Originally, Microsoft planned to roll out 14 patches, but one was pulled back to address some compatibility issues. With Tuesday’s rollout, Microsoft has delivered 99 updates so far in 2011. The company hasn’t necessarily closed the books on updates, though. Microsoft often issues a minor “Patch Tuesday” on the fourth Tuesday of the month, which this year falls on December 27.
In addition to putting the brakes on Duqu, Microsoft addressed 18 other known vulnerabilities in 12 patches. Those vulnerabilities included critical or important holes in ActiveX, Windows Media Player/Windows Media Center, Microsoft Office, Microsoft Publisher, Microsoft PowerPoint, Microsoft Excel, Microsoft Active Directory and Internet Explorer that could allow remote code execution. Microsoft also fixed "important" vulnerabilities in Office, the Client/Server Runtime Subsystem (CSRSS) and the Windows kernel that could allow a local user to gain additional privileges.
Microsoft also took the opportunity to release a new version of the Microsoft Windows Malicious Software Removal Tool, presumably equipped to do battle with Duqu. The worm was first identified on September 1 by researchers at the CrySyS Lab of the Budapest University of Technology and Economics. Despite the Star Wars-esque sounding name, the Budapest researchers named the worm after the files the malware creates, whose names are prefixed with the characters "~DQ".
Despite extensive research, Duqu's purpose isn't known. The worm bears a strong resemblance to Stuxnet, and was originally mistaken for Stuxnet by some Internet security firms. Like Stuxnet, Duqu uses stolen code-signing certificates to sign its driver so that Windows will load it, and it also appears to uninstall itself after 36 days of active infection. Command-and-control servers have been found in Germany, Belgium and China, but security experts are still unsure of Duqu's intended targets.
Photo Credit: Monrovia Public Library, Monrovia, CA, via Flickr
Keep in mind that this isn't an official announcement of Trim support for RAID, and also that we were led to believe Trim support would arrive in 2009. That said, real Trim support would make life a lot less complicated for users who rely on RAID 0 storage schemes built from SSDs.
Home users aren't likely to be affected at all by the addition of Trim support, but enterprise users will welcome the ability to include SSDs in RAID storage arrays. SSDs offer big advantages over spinning disks in speed, physical footprint and resistance to mechanical failure, but without Trim a drive in an array cannot tell which of its blocks hold deleted data, and the resulting loss of write performance has been a serious drawback.
The changes, according to Intel, will arrive in version 11.5 of Intel's Rapid Storage Technology (RST) driver, which is currently at the alpha stage. The next release is version 11.0, so Trim support for RAID is still on the horizon. RAID 0 support is the first step toward extending Trim to RAID 1 and RAID 5 setups.
Windows 7 already supports Trim for SSDs, but that support doesn't extend to RAID arrays: the operating system issues Trim commands to a single SSD, but the RAID driver sitting between Windows and the array does not pass them through to the member drives. Intel hasn't provided a timetable for the release of its version 11.5 RST driver, but the support will be welcome whenever it comes.
Currently, without Trim support, the write performance of an SSD array degrades seriously over time as the drives fill with data. Flash cannot be overwritten in place: pages are erased a whole block at a time before they can be reprogrammed, and without Trim the drive's controller only learns that a page holds deleted data when the operating system writes to the same logical block again. Until then, the controller's garbage collection keeps copying deleted-but-not-yet-overwritten data from block to block to free space, so each host write costs several internal writes. Trim closes that gap by telling the drive which logical blocks the filesystem has freed. This is not fragmentation in the hard-disk sense, and defragmenting an SSD only adds more writes; the remedy is Trim (or generous over-provisioning), not a defragmenter.
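To make that mechanism concrete, the following is an added example, not Intel's code or anything from the original article: a toy flash translation layer in Python that services the same create/delete/rewrite workload twice, once where deleted files are Trimmed and once where the drive is never told, and reports the write amplification and garbage-collection copies in each case. The block geometry, the greedy choice of victim block, the "filesystem" that hands out freed logical blocks in random order, and the over-provisioning margin are all simplifying assumptions made for the example.

```python
import random


class Ssd:
    """Toy page-mapped flash translation layer: one open block, greedy garbage collection.

    Physical pages are 'F' (erased), 'V' (live host data) or 'S' (stale: the host overwrote
    or trimmed the logical block, but the page is unusable until its whole block is erased).
    """

    def __init__(self, blocks, pages_per_block, spare_blocks=2):
        self.nblocks, self.ppb, self.spare = blocks, pages_per_block, spare_blocks
        self.pages = [['F'] * pages_per_block for _ in range(blocks)]
        self.valid = [0] * blocks            # live pages per block
        self.next_page = [0] * blocks        # pages within a block are programmed in order
        self.free_blocks = list(range(blocks))
        self.open_block = None
        self.map = {}                        # logical block -> (physical block, page)
        self.host_writes = self.gc_copies = self.erases = 0

    def _invalidate(self, lba):
        loc = self.map.pop(lba, None)
        if loc is not None:
            blk, page = loc
            self.pages[blk][page] = 'S'
            self.valid[blk] -= 1

    def _place(self, lba):
        """Program lba into the next erased page, opening a fresh block when the current one is full."""
        if self.open_block is None or self.next_page[self.open_block] == self.ppb:
            self.open_block = self.free_blocks.pop(0)
        blk = self.open_block
        page = self.next_page[blk]
        self.next_page[blk] += 1
        self.pages[blk][page] = 'V'
        self.valid[blk] += 1
        self.map[lba] = (blk, page)

    def _collect(self):
        """Until enough blocks are free: erase the full block with the fewest live pages, relocating them first."""
        while len(self.free_blocks) <= self.spare:
            victim = min((b for b in range(self.nblocks)
                          if b not in self.free_blocks and b != self.open_block),
                         key=lambda b: self.valid[b])
            for lba in [l for l, (pb, _) in self.map.items() if pb == victim]:
                self._place(lba)             # an internal write the host never asked for
                self.gc_copies += 1
            self.pages[victim] = ['F'] * self.ppb
            self.valid[victim] = 0
            self.next_page[victim] = 0
            self.free_blocks.append(victim)
            self.erases += 1

    def write(self, lba):
        self._invalidate(lba)                # flash cannot be overwritten in place
        self._collect()
        self._place(lba)
        self.host_writes += 1

    def trim(self, lba):
        """The ATA TRIM command: the host declares this logical block dead, so GC need not preserve it."""
        self._invalidate(lba)

    def write_amplification(self):
        return (self.host_writes + self.gc_copies) / self.host_writes


def simulate(trim, seed=7, blocks=32, ppb=16, spare=2, file_lbas=8, churn=1500):
    """Fill a volume to ~70%, then repeatedly delete a random file and write a new one.

    Returns (write amplification, GC page copies). Host-visible capacity is kept below the
    physical page count (assumed over-provisioning) so GC can always find a block with a stale page.
    """
    rng = random.Random(seed)
    ssd = Ssd(blocks, ppb, spare)
    capacity = (blocks - spare - 2) * ppb
    free_lbas = list(range(capacity))
    files = []

    def create():
        lbas = [free_lbas.pop() for _ in range(file_lbas)]
        for lba in lbas:
            ssd.write(lba)
        files.append(lbas)

    def delete(index):
        for lba in files.pop(index):
            if trim:
                ssd.trim(lba)            # with Trim the drive learns the blocks are dead now...
            free_lbas.append(lba)        # ...without it, only when the filesystem reuses them
        rng.shuffle(free_lbas)           # assumption: freed space is reused in no particular order

    while len(free_lbas) > 0.3 * capacity:
        create()
    for _ in range(churn):
        delete(rng.randrange(len(files)))
        create()
    return ssd.write_amplification(), ssd.gc_copies


if __name__ == '__main__':
    for label, flag in (('without Trim', False), ('with Trim', True)):
        wa, copies = simulate(trim=flag)
        print(f'{label}: write amplification {wa:.2f}, {copies} pages copied by garbage collection')
```

Without Trim, every logical block the filesystem has ever written stays "live" inside the drive until it is rewritten, so the controller behaves as if the volume were nearly full and garbage collection spends most of its effort copying dead data; with Trim the deleted blocks become stale immediately and the same workload costs far fewer internal writes. Real controllers use cleverer victim selection and wear levelling, but the dependence on knowing which blocks are dead is the same.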
Photo Credit: Intel Free Press, via Flickr
Microsoft isn’t positioning Kinect strictly as a game controller. With the new PC SDK, Kinect could be integrated into other commercial or business applications. When Microsoft released the SDK for Kinect last year, about 200 companies agreed to participate in a pilot that enables them to test out Kinect for Windows. The companies participating in the pilot run the gamut from game manufacturers to educational publishers to automobile manufacturers.
It’s clear that Microsoft plans to leverage its connection to the gaming world in Windows 8, and Kinect will play a big part in that. Kinect has been on the market for exactly one year, and in its first year on store shelves it set a record as the fastest-selling consumer electronics device. Other devices have sold more units in total, but if Microsoft wants to challenge gaming kingpins like Nintendo and Sony, it will need to broaden the base of support for Kinect and Kinect-compatible devices.
Microsoft has already announced that its Xbox Live system will be integrated into Windows 8. That move will allow users to access gaming, movies, music and other content via Xbox Live. The company has been drumming up interest in Xbox Live and its Windows 8 integration via venues like the company’s Build 2011 conference.
The availability of PC drivers for Kinect will open up a number of possibilities for new applications. Educational publishers have been moving their materials online for some time; many new textbook series have online editions, but whether and how the publishers can integrate Kinect into their lessons remains to be seen. It also makes one wonder what the controller could possibly be doing in an automobile. Hands-free controls for devices like radios and cell phones come immediately to mind.
Regardless, 2012 should be a year of new creative Kinect-enhanced applications!
Photo Credit: Creative Tools, via Flickr
Because kernel-mode drivers run inside the most privileged part of the operating system, they are high on the list of targets for attackers. A driver-level compromise can host a rootkit that gives a third party unrestricted access while hiding itself from the tools that would normally reveal it. Once a system has been compromised this way, the computer can be used for just about any purpose, including serving as part of a botnet, and everything stored on it, such as email, login names and passwords, and financial data, is exposed to theft.
Beyond rootkits, tools such as keystroke loggers use kernel-mode access to intercept input before any application or security product sees it, which makes them a favourite of attackers who want to steal information without disturbing anything else on the computer. Undetected access is probably the most fearsome outcome of a kernel-mode compromise, because the system can remain compromised for a long time: sensitive data, including access privileges, proprietary information and financial records, can be read, stolen or altered, and further tools, rootkits and back doors among them, can be loaded to do more damage.
Registry tampering poses another serious problem. The registry tells Windows which drivers and services to load at boot, so a single written value is enough to have malicious code loaded into the kernel at every start, either openly or in a way the user never notices. Whoever can write to those keys, which normally requires administrative rights, controls what runs in that privileged environment, and with it the security and performance of the machine.
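One practical check for the driver-level persistence described in the paragraphs above is to look at how kernel drivers are registered. Windows loads drivers from service keys under HKLM\SYSTEM\CurrentControlSet\Services, where a Type of 0x1 or 0x2 marks a kernel or file-system driver and ImagePath names the file. The following Python is an added example, not code from the original post: it parses a .reg export of that hive (including the wrapped hex(2) encoding regedit uses for REG_EXPAND_SZ values), normalises the several ways ImagePath can be spelled, and flags drivers that load from outside system32\drivers. The export is constructed inline; ACPI and Spooler mirror real Windows entries, while fsmon and netfltr are hypothetical services invented for the example.

```python
import re

SERVICES_PREFIX = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\'
DRIVER_TYPES = {0x1: 'kernel driver', 0x2: 'file system driver'}   # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
START_NAMES = {0: 'boot', 1: 'system', 2: 'auto', 3: 'demand', 4: 'disabled'}
EXPECTED_DIR = 'c:\\windows\\system32\\drivers\\'


def decode_reg_value(raw):
    """Decode the exported value types that matter here: "string", dword:, and hex(2): (REG_EXPAND_SZ)."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex(2):'):
        data = bytes(int(h, 16) for h in raw[7:].split(',') if h)
        return data.decode('utf-16-le').rstrip('\x00')
    return raw  # plain hex (binary), hex(7) (multi-string) etc. are left as exported


def parse_reg(text):
    """Return {key: {value_name: value}} from a .reg export; hex values wrapped with ',\\' are rejoined."""
    text = re.sub(r',\\\r?\n\s*', ',', text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(('Windows Registry Editor', ';')):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line) or re.match(r'^(@)=(.*)$', line)
        if m and current is not None:
            keys[current][m.group(1)] = decode_reg_value(m.group(2))
    return keys


def normalize_image_path(path, system_root='C:\\Windows'):
    """Resolve the spellings ImagePath uses (\\??\\ prefix, \\SystemRoot\\, %SystemRoot%, bare relative)."""
    p = path.strip()
    low = p.lower()
    if low.startswith('\\??\\'):
        p = p[4:]
    elif low.startswith('\\systemroot\\'):
        p = system_root + p[len('\\systemroot'):]
    elif low.startswith('%systemroot%\\'):
        p = system_root + p[len('%systemroot%'):]
    if not re.match(r'^[a-zA-Z]:\\', p):   # a bare relative path is taken relative to the Windows directory
        p = system_root + '\\' + p
    return p


def triage_drivers(reg):
    """Flag kernel and file-system driver services whose image does not live under system32\\drivers."""
    findings = []
    for key, values in reg.items():
        if not key.lower().startswith(SERVICES_PREFIX.lower()) or key.count('\\') != SERVICES_PREFIX.count('\\'):
            continue                              # only the service key itself, not Parameters/Enum subkeys
        kind = DRIVER_TYPES.get(values.get('Type'))
        if kind is None:
            continue                              # user-mode services (Type 0x10/0x20) are out of scope here
        name = key[len(SERVICES_PREFIX):]
        start = START_NAMES.get(values.get('Start'), 'unknown')
        if 'ImagePath' not in values:
            findings.append((name, f'{kind} ({start} start) has no ImagePath to verify'))
            continue
        image = normalize_image_path(values['ImagePath'])
        if not image.lower().startswith(EXPECTED_DIR):
            findings.append((name, f'{kind} ({start} start) loads from outside the drivers directory: {image}'))
    return findings


def reg_expand_sz(s, per_line=20):
    """Encode a string the way regedit exports REG_EXPAND_SZ: NUL-terminated UTF-16LE as wrapped hex(2)."""
    hexbytes = [f'{b:02x}' for b in (s + '\x00').encode('utf-16-le')]
    lines = [','.join(hexbytes[i:i + per_line]) for i in range(0, len(hexbytes), per_line)]
    return 'hex(2):' + ',\\\n  '.join(lines)


# Constructed sample export; fsmon and netfltr are hypothetical services invented for this example.
SAMPLE_REG = (
    'Windows Registry Editor Version 5.00\n\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ACPI]\n'
    '"Type"=dword:00000001\n"Start"=dword:00000000\n'
    '"ImagePath"=' + reg_expand_sz('system32\\drivers\\ACPI.sys') + '\n\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ACPI\\Parameters]\n'
    '"Threshold"=dword:0000000a\n\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Spooler]\n'
    '"Type"=dword:00000110\n"Start"=dword:00000002\n'
    '"ImagePath"=' + reg_expand_sz('%SystemRoot%\\System32\\spoolsv.exe') + '\n\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fsmon]\n'
    '"Type"=dword:00000002\n"Start"=dword:00000003\n'
    '"ImagePath"=' + reg_expand_sz('%SystemRoot%\\System32\\fsmon.sys') + '\n\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\netfltr]\n'
    '"Type"=dword:00000001\n"Start"=dword:00000001\n'
    '"ImagePath"="\\\\??\\\\C:\\\\Users\\\\Public\\\\netfltr.sys"\n'
)

if __name__ == '__main__':
    for name, reason in triage_drivers(parse_reg(SAMPLE_REG)):
        print(f'{name}: {reason}')
```

To run it against a real machine, export the hive first (for example `regedit /e drivers.reg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services`) and feed the file's contents to `parse_reg`. Treat the output as leads rather than verdicts: some legitimate third-party drivers install outside system32\drivers, so confirm each hit by checking the file's Authenticode signature and publisher before acting on it.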
Microsoft recently announced that it would not support WebGL in Internet Explorer, arguing that the API exposes too much of the graphics driver stack to untrusted web content. WebGL is not a video-streaming feature: it lets JavaScript on a web page send shaders and drawing commands to the GPU, and much of the driver code that executes them runs in kernel mode, so a bug in any vendor's graphics driver becomes reachable from a web page, with kernel-level compromise or a system-wide denial of service (a hung GPU) as the possible outcome. Firefox and Chrome ship with WebGL enabled by default, which is the biggest danger at the moment; Safari supports it too, but the user must turn it on. Hardware-accelerated 3D graphics in the browser is a genuine benefit, but giving web content a path into kernel-mode driver code widens the attack surface considerably.
In short, the best defence against kernel-mode attacks is to keep your system updated and apply critical security patches as soon as they ship. Part of the reason, as I discussed last week, is that attackers reverse-engineer patches to find the vulnerabilities they fix and then build exploits for them: a patched system is immune to that particular flaw, but many users don't patch promptly, so an exploit released soon after Patch Tuesday still finds plenty of unpatched targets. On 64-bit Windows, mandatory kernel-mode code signing adds a second hurdle, since a driver-based rootkit needs either a stolen certificate, as Duqu had, or a signing bypass; it is an extra obstacle for the attacker, not a guarantee.
Photo Credit: Jez, via Flickr