Microsoft confirmed on Tuesday that it is working to patch a Windows flaw exploited by the Duqu malware.
Security researchers have discovered that the infamous Duqu malware exploits a previously unknown Windows kernel vulnerability. CrySyS, the group that originally discovered the malware, warned on Tuesday that Duqu's installer (dropper) contains an exploit for a zero-day Microsoft kernel vulnerability. The exploit lets the dropper run attacker-supplied code on the targeted system, which is how the infection gains a foothold.
Symantec revealed that Duqu is delivered in specially crafted Microsoft Word documents (.doc). When the document is opened, the embedded exploit code executes and installs the main Duqu binaries. Once Duqu is installed on one machine in an organisation, attackers can command it to install itself on, and spread to, other computers, Symantec warned. Most security vendor products already detect and block known Duqu samples, which stops those particular files from reaching machines; note, however, that detecting the known samples does not close the underlying kernel vulnerability, which remains exploitable by new droppers until Microsoft's fix is applied. Symantec has confirmed that at least six organisations across several countries have been hit by the malware.
Microsoft confirmed the vulnerability on Tuesday and is preparing a security advisory for the issue. “We are working to address a vulnerability believed to be connected to the Duqu malware,” said a Microsoft spokesperson. The software giant is expected to issue a full security bulletin shortly.