Microsoft working to patch 0-day Windows vulnerability discovered in Duqu malware

By Tom Warren, on 1st Nov 11 6:44 pm with 4 Comments

Microsoft confirmed on Tuesday that it is working to patch a Windows flaw exploited by the Duqu malware.

Security researchers discovered a previously unknown Windows kernel vulnerability being exploited by the infamous Duqu malware. CrySyS, the group that originally discovered the malware, warned on Tuesday that it contains a dropper file with a 0-day exploit for the Microsoft Windows kernel inside. The exploit could allow malicious users to remotely execute code on an infected system.

Symantec revealed that Duqu can be installed through modified Microsoft Word documents (.doc). When a malicious file is opened, code executes and installs the main Duqu binaries. Once Duqu has installed itself on a particular machine in an organisation, attackers can command it to spread to other computers, Symantec warned. However, most security vendor products already detect and block Duqu, preventing the attack from reaching machines. Symantec has confirmed that at least six organisations have been hit by the malware across several countries.

Microsoft confirmed the vulnerability on Tuesday and is working on a security advisory for the issue. “We are working to address a vulnerability believed to be connected to the Duqu malware,” said a Microsoft spokesperson. The software giant is expected to issue a full security bulletin shortly.

  • Anonymous

    Gone are the days of real viruses. It's all about stealing and infiltration now. Coders had more honour back then.

    • Anonymous

      Yeah sure! They were always criminals fit for the gallows.

  • Anonymous

    Does that only affect .doc or does it also affect docx? And is it all versions of Microsoft Office?

  • Damon

    DUQU in all MS Office Worked