Microsoft Releases Temporary Fix for Duqu Windows Exploit
Microsoft has issued a workaround to help keep Windows users safe from the Duqu Trojan, a nasty and sophisticated piece of malware spreading in the wild via Word documents.
Released Thursday (Nov. 3), the fix, Microsoft explained in a security advisory, addresses a vulnerability found in Windows' TrueType font parsing engine, a component of the Windows kernel responsible for processing certain fonts.
Microsoft said an attacker can exploit the flaw, found in every version of Windows from XP through Windows 7, to run arbitrary code and install programs on an infected machine, as well as to "view, change or delete data; or create new accounts with full user rights."
This means that a hacker deploying the Duqu Trojan against a Windows machine to which the temporary fix has not yet been applied could gain nearly total access to a person's computer.
To help customers apply the workaround, Microsoft released a Fix it tool that installs the security measure with one click.
The Duqu Trojan, a new piece of Stuxnet-like malware thought to be targeting either industrial control facilities such as power plants and oil refineries or certificate authorities, was discovered in early October. Only recently did researchers find that it contains a zero-day exploit and hides in Microsoft Word documents.
It's unclear how far Duqu has spread, but to date it has been spotted in eight countries: France, Netherlands, Sudan, India, Iran, Vietnam, Switzerland and Ukraine.
The workaround is only temporary. Microsoft said it is working to issue a full security update to fix the problem, but that update will not be included in next Tuesday's (Nov. 8) monthly Patch Tuesday release.
Microsoft added that it has shared information with security firms on how to build detection for this flaw into security software, and is encouraging customers to update their anti-virus programs to make sure the software spots the Duqu Trojan.