Building your own XP Service Pack 4

Building your own XP Service Pack 4

By Susan Bradley

Starting today, Windows XP users will have 860 more days of official Microsoft support — and on every one of those days, many of those users will continue to run the operating system that just won’t die.

Want to extend the life of your Windows XP Service Pack 3 as long as possible? You can do so by installing Microsoft hotfixes as needed.

It’s ironic that the official Windows XP End of Support Countdown Gadget runs only on Vista and Windows 7. Perhaps Microsoft will offer a paper-based advent calendar for its XP users. Regardless of Microsoft’s schedule, a significant number of people will continue to use XP well past the deadline. Their practical reasons range from line-of-business needs to the economy to “It still fills all my needs.”

According to Microsoft, XP SP3 is the end of the line — there will not be an SP4. But that doesn’t mean you can’t build your own virtual version of SP4. Just use the hotfixes Microsoft develops over the remaining years of official support.

As far as Windows is concerned, hotfixes are essentially the same as the Windows updates you regularly receive from Microsoft. There are, however, some practical differences: for example, hotfixes are not put through the same level of rigorous testing that the standard updates get. (Yes, I can hear you chuckling. As we all know too well, updates have issues — despite that rigorous testing.) Also, some hotfixes are downloads and some are changes you configure manually. Updates are always downloaded patches. (A hotfix isn’t the same as a Microsoft Fix it, which is typically temporary and often limited to Windows Registry or permissions changes.)

Like most updates, hotfixes are designed to repair a specific problem. However, Microsoft warns users that they should install a hotfix only if they know they have the specific problem the hotfix addresses. That said, as long as I’ve backed up my system (or can check the hotfix on a test system), I don’t have any greater concerns about applying a hotfix than I do with an update — as long as the hotfix can be uninstalled. Some (such as KB 954550, listed below) cannot be removed with Windows’ Add and Remove Programs utility.

Picking through the list of Windows XP hotfixes

There are dozens of available hotfixes, and you won’t need — or want — them all. A Microsoft TechNet blog has a comprehensive list for XP SP3 systems. Again, not all of them will apply to your specific system, and you should install only those that fix a specific problem already afflicting your PC. Here’s my short list of potential XP problems — ones you might see yourself — with published hotfixes:

• 948239: Your XP-based computer locks up when you click the Cancel button in a dialog box.
• 951126: When you resume from system hibernation, a multiprocessor computer running Windows XP hangs and displays a black screen.
• 953979: After installing SP3, Windows’ Device Manager does not show devices, and Network Connections does not list any network connections.
• 954550: You’re missing Microsoft XML Paper Specification (XPS) features; this hotfix adds them to Windows XP.
• 961555: Your computer randomly crashes.
• 968967: When an application or service uses MSXML 6.0 to handle XML requests, CPU usage climbs to 100 percent.
• 969744: Underlines are missing on printed documents.
• 970048: You have slow printing performance when using the Line Printer Remote (LPR) print protocol.
• 970922: TIFF documents are corrupted when you rotate them in Windows Picture and Fax Viewer.
• 971455: A Windows XP SP3 machine cannot authenticate a wireless router that uses Wi-Fi Protected Setup (WPS) technology (designed to add devices to a network easily) because the router is configured for Wired Equivalent Privacy (WEP).
• 972828: When you’re copying files from a Windows Server 2008-based remote computer to a local Windows XP SP3 system via Remote Desktop Connection 6.1, the files become corrupted.
• 981669: During installation, a Microsoft Windows Installer package hangs. In this specific case, the Installer package is made up of smaller, chained-together packages and the installer has custom actions.
• 2454533: After installing the security update in MS Security Bulletin MS10-066 (KB 982802), Windows XP SP3 no longer displays the description of a shared folder that is mapped to a network drive.

How to request a hotfix from Microsoft

For many MS Hotfixes, you’ll find a convenient Hotfix Download Available icon and a link (shown in Figure 1) in the upper-left section of their online-support pages. (You won’t find a simple download link — you have to send an e-mail request to Microsoft support. The hotfix will then be sent to you.)

Figure 1. The hotfix-available indicator.

For hotfixes that don’t come with that handy link, here’s a neat trick: grab the URL for a hotfix that does have the icon, paste it into your browser, and then edit the KB number. For example, take

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=981669&kbln=en-us

and change the 981669 to 2454533 — or 953979, or any other hotfix lacking the download-link icon.

Bottom line: There are still a couple of good years left in Windows XP. Undoubtedly, it’ll be used right up to the end of its official, extended-support phase (April 8, 2014) — and beyond, whether Microsoft likes it or not. (For more on Windows XP lifecycles, check out the operating system’s support lifecycle chart.)

The Patch Watch column reveals problems with patches for Windows and major Windows applications.

Against SPAM: Retaliation considered

By Kathleen Atkins

Even if you sensibly use an excellent spam filter and seldom get junk e-mail, can you make a case for offensive action against spammers?

Lounge member E Pericoloso Sporgersi puts this question to his fellow Loungers, and discussion ensues.

To see positions on the proposal, points made and dismissed, as well as some excellent advice, follow this link. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

A gift that's unique and challenging!

By Tracey Capen It’s the time of year when many of us are struggling to find those special gifts for friends and family. It’s especially difficult when the gift has to be the latest toy for the guy who’s already got the truck, the boat, the snow machine, the motorbike, etc., etc. We think we might have found just the thing — the water-powered jetpack. This wacky machine will earn top bragging rights at the lake next summer — assuming the lucky recipient figures out how to fly it. Play the video

Different ways to move user folders

By Fred Langa Win7’s symlink technology and folder Location tabs let you put folders where you want. But just because Windows lets you move important folders doesn’t mean you should. Read on for the full story.

Trouble when trying to move user folders

Reader Terry Farrell felt like he’d run into a wall when he tried to move selected folders.

• “I’d really appreciate it if Fred would produce a guide on how to defeat Microsoft and achieve the impossible!

  “On my main PC, I have a small solid-state drive that holds the operating system. To minimize SSD access and make backups easier, I want to move the user and public folders to the regular hard drive.

  “Windows just doesn’t seem to like my attempts to relocate anything in Users!”

It’s not impossible, Terry; I’ll tell you how in a moment. But moving folders isn’t something that I recommend.

As Microsoft made Windows increasingly self-maintaining, it specified where the operating system expects to find certain files and folders. You can certainly move the files — Microsoft still lets you do almost anything you want to Windows — but you may run into unexpected problems as a consequence.

For example, you mentioned backups. If you move your user files, Windows’ automated backups may fail — at least until you adjust the settings to tell the software where the files went. Similarly, using Restore might require manual intervention to make it work correctly. And so on.

I think Windows gives more reliable results when you let the OS put the files where it wants them to be. And it’s certainly simpler to let Windows handle things when it can.

But if you’re OK with potential follow-on problems, Win7 provides a variety of methods for moving folders.

In many cases, moving a folder is just a matter of a few clicks. For example, to move My Music, simply right-click on the folder, select Properties, and then use the Location tab to place the folder where you wish. (See Figure 1.)

Figure 1. It’s often point-and-click easy to move some user folders.

Two articles explain this simple method in more detail and offer some additional follow-on information:

• SevenForums tutorial, “Windows 7 — User folders — Change default location”
• Lifehacker article, “Move the users directory in Windows 7”

In cases where the above, semi-automatic method isn’t available or doesn’t work, you can use symbolic links — or symlinks. This technology lets you put files and folders in one place but have them appear and act as if they were in another. Win7 uses symlinks for its Libraries feature, but you can use it anywhere you want.

Symlinks are extremely powerful but require some care when you’re setting them up. The following articles contain the info you’ll need:

• MSDN Dev Center page, “Creating symbolic links”
• How-To Geek article, “Complete guide to symbolic links (symlinks) on Windows or Linux”

The Location tab and symlinks cover most cases, but if they don’t work for you, there are lots of additional info and discussion in these forums:

• Microsoft Answers discussion, “Move user folders off system drive?”
• Microsoft Answers discussion, “Win7: How do I move user folder to a different drive”

Follow-up to Registry-/system-cleaning article

The Nov. 10 Top Story, “Putting Registry-/system-cleanup apps to the test,” described a series of controlled tests designed to answer the question, “Are Registry- and system-cleanup tools worthwhile?”

After the article ran, many readers sent in notes similar to these:

• “It would have been interesting if Fred had also used iolo Technologies’ System Mechanic Professional 10.5 in his trial.” — Gerald Young
• “I’d like to know what you think of PC Pitstop’s PC Matic optimizer. Is this program worthy?” — Daniel Castellanos

I’d love to be able to answer questions on all the many specific cleaning tools that readers asked about, but I can’t. As stated in the original text, “… my tests were not designed to find the best Registry cleaner — or [to be] a comparative analysis of one cleanup tool versus another. My sole point was to see whether the general principles of system and Registry cleaning deliver quantifiable, measurable improvements to Windows 7.”

In other words, this was a test of system cleaning — not of the cleaners. It was never intended as a product review or comparison, which would have required different methodologies.

Based on the tests I did perform, the answer to the question of whether Win7, like its predecessors, can benefit from cleaning was a clear “yes.”

The article discussed several cleanup programs, selected mostly because I believed they were solid representatives of their respective categories. Start with those tools if you like — or try one or more of the hundreds of other similar apps available online — until you find the one that best fits your needs and preferences.

Just be sure you follow the most important first step: always, always, always make a backup before doing any serious cleanups!

Need to run Win98; will a virtual PC help?

Ron Miller has an old program he’d love to run — and it’s a rather unusual one.

• “Near as I can make out, there is no VM [virtual machine] that will allow me to run Windows 98SE with USB support. My strange desire to do so is connected with some marvelous Altec Lansing speakers of that era that are controlled through USB.

  The trouble is that neither Dell nor Altec Lansing ever wrote a control program that would run under XP or later versions of Windows. It would be worth the disk space to me to install a virtual Win 98SE solely for speaker control. Installing the OS is easily done, but I can’t locate any VM that includes USB functionality for Windows 98. Can you?”

Well, yes, but with caveats. Oracle’s VirtualBox can provide USB support to even older Guest OSes, such as Windows 98. (See Figure 2.)

Figure 2. Old and new: Windows 98SE runs fine in a virtual PC on a Win7 host.

But don’t let nostalgia cloud your vision. Old software can be a royal pain to work with. It may not be worth the hassle of keeping it alive, even if it’s technically possible.

For example, today’s OSes come on optical disks or in downloaded .iso files. Win98 sometimes came on a pile of floppies; or on a CD with a separate, bootable DOS-based setup floppy; or on a basic CD. You can finesse and fudge your way around those kinds of old-school hardware setup issues in a virtual PC, but the multiple layers of hardware redirection can get complicated.

Win98 also resurrects issues that we never have to think about today. For example, all modern operating systems use the HLT (halt) CPU instruction to prevent needless full-speed idling when there’s no work to be done. Win98 has no such internal throttle. Even when it’s just idling, Win98 runs in a full-speed, do-nothing loop.

So when run in a virtual PC, Win98 will happily consume all the CPU cycles your host system can feed it. You’ll almost surely notice a major slowdown of your host system.

Yes, there are ways around problems like that. For example, you can install ancient CPU cooler software such as Rain (site). This type of software allows Win98 to use the HLT function but not consume more CPU time than it really needs.

Even if you solve those and other OS-specific problems, you’ll likely face driver issues. USB first arrived in 1996, and it was still a new, barely standardized, rapidly evolving technology when Win98 launched in 1998. Assuming you still have good, installable copies of your device’s original Win98 USB drivers, you’ll just have to hope that those ancient drivers were written well enough (and that they adhered closely enough to the then-shaky standard) to interoperate with the current USB tech in your PC and VPC.

I could go on, but the point is: by today’s standards, Win98 is a pretty primitive piece of work.

Be aware that when you choose to run an obsolete operating system such as Win98, you’re also choosing to reintroduce all the problems that caused that OS to go obsolete in the first place. Even virtualized in a modern VPC, Win98 will still be a very old, very outmoded, somewhat fussy piece of software.

All that said, if you want to give it a try, you’ll find a group of like-minded people on the VirtualBox site. For example, see the unofficial tutorial, “Windows 95/98 guest OSes.”

Windows 7’s built-in screen-capture tool

BD Kaufman has become a fan of Win7’s Snipping Tool. So have I.

• “Shalom! Greetings from Israel!

  “I’d like to bring your attention to a really great, little-known tool in Windows 7 — Snipping Tool (snippingtool.exe).

  “It’s a very functional screen-capture tool:

  • Convenient capturing options
  • Saves in common formats (.png, .gif, .jpeg, .mht)
  • Sends clips directly to e-mail
  • Built-in annotation to mark up in colors or highlight parts of the capture

  “To use it, simply start typing its name into the Windows Start Search programs and files box — snippingtool.exe. It should show up long before you finish typing its name.”

Thanks, BD. I like Snipping Tool enough that I’ve pinned it at the top of my Start menu.

Snipping Tool is very handy for quickly grabbing all or part of a screen. You can capture the entire screen, a window, or rectangular and free-form areas. Whatever you snip is automatically copied to the Windows clipboard and to Snipping Tool’s own editing window — where you can modify, save, or share it. (See Figure 3.)

Figure 3. In this illustration, I’ve used Snipping Tool to grab a copy of the Windows Secrets logo from a browser window. I can now modify, save or share the captured image.

Snipping Tool’s annotation options are limited to highlighting and simple line drawings. When I need to do bit more, such as adding simple text to a snip, I’ll use another built-in Win7 tool — Paint. (See more on Snipping Tool in this week’s Best Practices story.)

I find that these two always-available tools handle at least 80 percent of my screen grab-and-annotate needs.

It’s nice when you don’t have to fire up a third-party tool to get something done, isn’t it?

Menu opens doors to little-known Windows tools

By Michael Lasky Some of the more useful apps in Windows 7 are hidden in plain sight — in the Accessories folder. For example, the Ease of Access tools found at the bottom of the Accessories list has a treasure trove of helpful utilities originally designed for sensory-impaired users.

Find your way to the Ease of Access Center

From the how-did-I-ever-live-without-it, screen-capture Snipping Tool to Sticky Notes to the surprisingly robust speech-recognition and text-to-speech app Narrator, Windows 7 has a worthy cache of utilities that can make everyday computing tasks easier and more useful.

Most of these utilities reside in Win7’s Ease of Access Center (EOAC), and Windows provides many routes to the EOAC. You can type the letters access into the Start button’s Search programs and files box, press the Windows+U keys, find it under Accessories in the All Programs menu, or look for it in Win7’s control panel.

Although Microsoft obviously made it easy to launch the EOAC, I’ll bet many Win7 users have never ventured there — possibly assuming it was meant for people with visual or audio impairments.

Taking a cue from its name, the EOAC offers a Quick access menu at the top of the window for instantly launching common tools (shown in Figure 1). It’s followed by a list of usability settings that can make the mouse and keyboard easier to use, make the display easier to see, and more.

Figure 1. Windows 7’s Ease of Access Center

Basic tools for making a Win7 PC easier to use

Almost all of the tools listed below have been in earlier versions of Windows. However, many have been enhanced in Windows 7. Here’s a quick summary of what they do:

• Magnifier enlarges portions of the screen or, on Aero-enabled systems, creates full-screen blow-ups. Originally engineered for people with impaired or limited vision, Magnifier comes in handy for the rest of us when reading extra-tiny type or when manipulating minute pixels in graphics and photo applications. Its choice of Views — Full Screen, Lens, or Docked — gives it added versatility.

  In Lens mode (shown in Figure 2), Magnifier creates a box of enlarged text that follows the mouse pointer. Default magnification is 200 percent, but you can shrink or expand this easily with these key combos: Windows – (minus) or Windows = (equal).

  
  Figure 2. Windows 7’s Magnifier offers various magnification views, including the Lens mode shown here.

• On-Screen Keyboard offers an alternative way to enter text via a mouse, graphics tablet, or other input device. When my Bluetooth keyboard connection suddenly failed, On-Screen Keyboard saved the day, allowing me to use my mouse to enter password and other data into a Web form I was filling out.

  The default keyboard opens without the numeric keypad; to turn it on, simply click the Options key in the lower-right section of the keyboard. (See Figure 3.) You see a menu that gives you other options such as entering text by clicking keys or hovering over them. Function keys and Ctrl, Alt, and Windows keys all function as you’d expect. You can launch key combinations by tapping each key, one at a time. (Entering Ctrl+Alt+Del directed me to the Start menu.) Text Prediction, turned on by default, saves steps by reducing the number of clicks you need to spell words and insert spaces.

  
  Figure 3. Win7’s on-screen keyboard and keyboard options menu

• Mouse Keys are helpful to users whose PCs do not have screen-navigation arrow keys on their keyboards or whose navigation keys are positioned inconveniently. Look for the Turn on Mouse Keys option under Make the keyboard easier to use in the EOAC’s Explore all settings list.

  With Mouse Keys turned on, the 2, 4, 6, and 8 keys on the physical keyboard’s numerical keypad will move the mouse’s cursor around the screen. Note: The keypad’s standard 2-4-6-8 navigational functions and numeric input are disabled. Also, by default, the cursor movement may be painfully slow. You can adjust that through the Set up Mouse Keys menu.

• Sticky Keys, also located in the Make the keyboard easier to use options menu, is great for folks who have difficulty performing multiple-key combinations such as Ctrl+Alt+Del or Windows+U. This feature lets you press one key at a time. In Windows 7, the Set up Sticky Keys menu offers several custom-configuration options.
• Toggle Keys comes in handy when you’re not sure the Cap Lock, Num Lock, or Scroll Lock key is pressed. When it’s turned on, you’ll hear one of two different tones each time you press any of those keys — one for on and another for off.
• Filter Keys is a good option if you are the type of typist with a deliberate stroke — one that results in unintended repeat of the input. This control lets you set the length of time for single or repeated keystrokes. Filter Keys refines Windows keyboard settings, which also determine keystroke speed. (Type keyboard settings in the Start search box to adjust these settings.)

Giving Windows 7 enhanced powers of speech

Some people might consider Windows 7 the ideal companion — either it can do all the talking with Narrator, or you can do the talking with Speech Recognition.

Narrator is Win7’s text-to-speech app that reads literally everything — menu selections, buttons, icons, text — displayed on the screen. The robotic voice is Microsoft Anna. (I am not making this up.) She can be programmed to read keystrokes as they are entered or to read entire menus, commands, dialog boxes, what-have-you.

Anna has a stubborn, completist urge and will finish reading what she started, even after you exit Narrator. This can be annoying, but it also can be alleviated somewhat by making adjustments in the Preferences menu (shown in Figure 4). You can also adjust the volume, speed, and pitch of Anna’s voice — from a low, sultry Kathleen Turner to a high-pitched Miss Piggy — by clicking the Voice Settings button.

Figure 4. Narrator offers a slew of custom-configuration options.

Speech Recognition might just be the star of the EOAC. In the past, you had to pay big bucks and have a massive amount of RAM and CPU power to effectively use a speech-recognition package. Now Microsoft has integrated its own speech-recognition application right into Windows 7. And it actually works fairly well. Its features let you say commands you’d otherwise select with a menu option or by executing numerous mouse clicks. If you have a good microphone and a quiet environment, the built-in Speech Recognition lets you perform dictation in Word or WordPad with reasonable accuracy.

As with all speech-recognition software, the first time you use Microsoft’s version you’ll have to go through a one-time setup process. To start, make sure you’ve set up a microphone. Just about any mic will do — on a stand, in a headset, or built into your PC.

Under Speech Recognition in the Control Panel/Ease of Access window, click the Set up a microphone link and follow the simple configuration steps. You’ll see three choices of mic input (shown in Figure 5); select your type and follow the testing instructions.

Figure 5. Selecting your microphone for speech recognition

Now start the Speech Recognition app that you find on the EOAC menu and follow the interactive instructions so the program can learn your voice. After you complete it, you can dictate actual text as well as keyboard or mouse commands such as Open Word, Start, Control Panel, or even Ease of Access — and the PC will obey.

Windows Speech Recognition works only with apps supported by Microsoft Text Services Framework — for example, Word, Outlook, Internet Explorer, and most of the apps built into Windows 7. Dictation in Word is for the most part surprisingly accurate, but you have to enunciate clearly and some words that sound alike might be misinterpreted.

A misspelled word can be corrected by saying correct and either pronouncing it again or saying spell and entering the word letter by letter. You must also dictate punctuation such as periods, commas, and question marks — as well as the command new paragraph for a line return. (See Figure 6.)

Figure 6. Windows Speech Recognition requires dictating punctuation.

Although it certainly isn’t perfect, Windows Speech Recognition is a valuable, little-known part of the Windows 7 OS that’s worth checking out.

Cut to the chase: Snipping Tool and Sticky Notes

To capture a screen in Windows, most users resort to the venerable Prt Scrn (or some variation of that spelling) button on the keyboard. Alas, this produces an image of the entire screen that must be pasted immediately, via the Windows clipboard, into Paint or some other graphics app. If you wanted more flexibility, you previously had to rely on third-party software. No longer.

Snipping Tool (see Figure 7) is built into Windows 7 and gives users several handy screen-capture options — including a full-screen, active Window and a selected rectangular area. Snipping Tool also supports sundry file formats and provides a simple image-editing mode. Copying and pasting snips to documents takes a few clicks, but you can send snips directly to e-mail via its Send Snip command. There’s even a resizable pen to mark up areas of the capture in your choice of colors.

Snipping Tool is easily accessed by typing the first few letters of its name in the Start search bar. (If you use it frequently, right-click its name and pin it to the Taskbar.)

Figure 7. Win7’s Snipping Tool is far superior to the simple Windows print-screen command.

Finally, Sticky Notes has the familiar look of yellow “Post-it” notes, and it’s an excellent way to save and organize random bits of information on your desktop. It’s not new, but Windows users often forget it comes with Windows 7. The easiest way to find Sticky Notes is through the Start search bar; if you get hooked using it, pin it to the Taskbar.

The notes you create stay on the desktop until you delete them by clicking the X on the upper-right corner of the note. They won’t disappear when you log off or shut down. If you want another note, click the plus sign on the left. Sticky Notes is a quick way to copy and paste frequently used information to and from documents, e-mails, or other apps.

It’s easy to forget all of the many enhanced tools in Windows 7. Take some time to look around for them.

Should you apply the new Duqu workaround?

By Robert Vamosi A new Microsoft Fix it addresses the underlying vulnerability exploited by a new virus — but the fix also causes problems. Although we’d ordinarily jump on a needed malware remedy, in this case we’re probably better off waiting for the full patch, expected soon.

The double nature of the Stuxnet infection

In the summer of 2010, Windows systems in Iran and other countries were infected by zero-day malware. The infection took advantage of a flaw in the Windows icon used to represent a remote or removable drive, such as a USB flash drive. The virus had two purposes: to infest Windows-based machines and to infect Siemens Systems 7 Program Logic Controllers (Ars Technica story) — used in the centrifuges that make up a key element of Iran’s nuclear program.

The design and execution of the Stuxnet virus were targeted to affect a very specific type of industrial control system equipment (detailed in a Symantec Executive Summary PDF document). And many people within the antivirus community thought it was unique — the first time a Windows vulnerablity was used to bootstrap a vulnerability in a PCL. Then, just as everyone was completing their forensic analysis of Stuxnet, came word of Duqu.

Duqu: All in the family or a copycat?

In October 2011, the Laboratory of Cryptography and System Security (CrySyS, a Hungarian security company) reported a new computer virus that was strikingly similar to Stuxnet. Duqu (so named for the letters DQ, which it adds to files it creates) shares some of the original source code used in Stuxnet. Which raises the question: Was Duqu built by the same people who built Stuxnet? Or was it a successful copy?

Duqu seems to have a different purpose than Stuxnet. Instead of having a malicious payload targeting PCL systems, Duqu collects information and then broadcasts it to remote sites. (Some were located in India and have been shut down.) Like Stuxnet, Duqu also seemed to target the industrial control systems sector. Duqu is prevalent mostly in Europe, the Middle East, and Asia. To see whether your system is vulnerable to Duqu, you can obtain a free Duqu detector from CrySyS.

TrueType zero-day exploit travels via Word

Like Stuxnet, Duqu uses a newly discovered (zero-day) vulnerability — CVE-2011-3402 — in the Windows Win32k TrueType font-parsing engine. The flaw, located in the t2embed.dll file, affects Windows XP, Windows 7, Windows Vista, and Windows Server 2003 and 2008. (Windows Server 2008 R2 for Itanium-based systems and Itanium-based Systems Service Pack 1 Server Core installation are not affected.)

On Nov. 3, Microsoft released Security Advisory 2639658, stating that an attacker could “run arbitrary code in kernel mode” if it exploited this TrueType vulnerability. Duqu spreads through a compromised Word file sent to targeted individuals. Microsoft said the attacker who exploited this could “install programs; view, change, or delete data; or create new accounts with full user rights.” In other words, a typical elevation-of-privileges attack. The company went on to say that it sees “low customer impact at this time” because of the targeted nature of Duqu (although some security experts believe Duqu to be potentially very dangerous).

No Microsoft patch is available (yet)

Microsoft has yet to issue a patch for this zero-day vulnerability. Instead, it provided a Fix it (download page), a temporary workaround designed to protect the user until a more permanent solution can be found. The workaround denies access to t2embed.dll, causing the Duqu exploit to fail. But the Duqu Fix it also has an odd characteristic: it prompts Windows XP users to download two older Microsoft patches, MS10-001 (KB 972270) and MS10-076 (KB 982132) — patches most XP users have presumably already installed.

If you’re tired of being prompted for KB 972270 and KB 982132, Microsoft recommends you undo the Fix it. The company told Krebsonsecurity.com “Applications that rely on embedded font technology will fail to display properly. Also, after applying this workaround, users of Windows XP and Windows Server 2003 may be reoffered the KB982132 and KB972270 security updates. These reoffered updates will fail to install. The reoffering is a detection logic issue and users who have successfully applied both the KB982132 and KB972270 security updates previously can ignore the reoffer.”

Best plan: Wait if you can to patch Duqu

Given the problems with the Fix it, it’s probably best if you don’t rush out and apply it. Microsoft will eventually fix the Duqu vulnerability, if not in the December patch cycle, then in a future Patch Tuesday or perhaps an out-of-cycle release.

In the meantime, old advice still works best: save your e-mail file attachments to your hard drive rather than executing them directly. Why? When you execute the file from the hard drive, your antivirus program should now have the Duqu signature file installed and should stop the compromised Word document.