Microsoft issues Duqu workaround for critical Windows vulnerability

By Tom Warren, on 4th Nov 11 7:32 am with 3 Comments

Microsoft released a workaround on Thursday to temporarily mitigate a Windows kernel vulnerability exploited by the Duqu malware.

The software giant revealed on Tuesday that it was working on a patch for the flaw exploited by Duqu. Security researchers found a previously unknown Windows kernel vulnerability while analysing the malware: Duqu's installer is a dropper file that carries a zero-day kernel exploit, and a successful exploit lets an attacker run arbitrary code in kernel mode on the system where the dropper is opened.

Symantec revealed that Duqu is installed via modified Microsoft Word documents (.doc). When the malicious file is opened, the embedded exploit runs and installs the main Duqu binaries. Once Duqu is installed on one machine in an organization, attackers can command it to spread to other computers, Symantec warned. Most security vendors' products already detect and block Duqu, however, preventing the attack from reaching machines. Symantec has confirmed that at least six organizations across several countries have been hit by the malware.

Microsoft’s temporary workaround can be applied to any Windows system. The company has provided a Fix it that lets end users and enterprise customers deploy the workaround quickly. “Our engineering teams determined the root cause of this vulnerability,” revealed Microsoft’s Jerry Bryant in a blog post on Thursday. “We are working to produce a high-quality security update to address it,” he added. Microsoft intends to release a full security update through its security bulletin process, but the patch will not be ready in time for this month’s Patch Tuesday.

You can find details of Microsoft’s Duqu workaround in security advisory 2639658.
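The manual workaround published in advisory 2639658 is an ACL change: it denies the Everyone group access to t2embed.dll (the embedded-font support library the advisory names), which is also what the Fix it package automates. The script below is an added example, not Microsoft's Fix it and not code from the article; it applies, reverts or checks that ACL change with icacls and then reads the DACL back so you can verify the state on each machine. It assumes an elevated PowerShell session, and the file name `Duqu-Workaround.ps1` used in the usage note is just a placeholder.

```powershell
# Added example, not Microsoft's Fix it package: apply, revert or check the
# manual workaround from Security Advisory 2639658, which denies the Everyone
# group access to t2embed.dll. Assumes an elevated (Administrator) session.
[CmdletBinding()]
param(
    [ValidateSet('Apply', 'Revert', 'Check')]
    [string]$Action = 'Check'
)

# System32 holds the native copy; 64-bit Windows also has a 32-bit copy in
# SysWOW64, and the advisory has you block both.
$targets = @("$env:windir\System32\t2embed.dll")
if (Test-Path "$env:windir\SysWOW64\t2embed.dll") {
    $targets += "$env:windir\SysWOW64\t2embed.dll"
}

# S-1-1-0 is the well-known SID for Everyone. icacls accepts SIDs with a
# leading '*', which avoids depending on the localized group name.
$everyoneSid = 'S-1-1-0'

foreach ($dll in $targets) {
    if (-not (Test-Path $dll)) {
        Write-Warning "$dll not found, skipping"
        continue
    }

    switch ($Action) {
        # Deny full control: same effect as the advisory's "cacls ... everyone:N".
        'Apply'  { icacls $dll /deny "*${everyoneSid}:(F)" | Out-Null }
        # Remove only the Deny ACE; allow entries are left untouched.
        'Revert' { icacls $dll /remove:d "*${everyoneSid}" | Out-Null }
    }

    # Verify the resulting DACL rather than trusting the tool's exit code:
    # look for a Deny ACE whose principal resolves to the Everyone SID.
    $denyAce = (Get-Acl -Path $dll).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value -eq $everyoneSid
    }

    $state = if ($denyAce) { 'workaround applied (Everyone denied)' } else { 'workaround NOT applied' }
    Write-Output ("{0}: {1}" -f $dll, $state)
}
```

Run `.\Duqu-Workaround.ps1 -Action Apply` to deploy, `-Action Check` from your inventory tooling to confirm every host actually carries the Deny ACE, and `-Action Revert` once the security bulletin has been installed. The side effect the advisory itself lists applies here too: while the Deny ACE is in place, applications that rely on embedded fonts will not display them correctly.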

  • http://sushovande.6te.net sushovande

    Yes, but what does the FixIt do? Does it disable TTF parsing / embedding / webfonts entirely?