Vishal Dodke

Microsoft announces workaround for the Duqu exploit

November 5, 2011
Microsoft has posted Security Advisory 2639658 to address the recently disclosed Windows kernel vulnerability (CVE-2011-3402) exploited by the Duqu malware.

Microsoft has determined that the flaw is in the processing of embedded TrueType fonts (TTFs). According to Microsoft:
“The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

That’s a pretty serious bug. In the terms security professionals use, it allows remote code execution (RCE) and elevation of privilege (EoP).

Microsoft is working diligently to provide a patch and has offered a FixIt download tool that will disable support for embedded TTFs to provide protection against the flaw.

The drawback is that any application relying on embedded TTFs will no longer render properly. Embedding TTFs is a common practice in Microsoft Office documents, browsers and document viewers.

We suggest that users apply this workaround if they find any traces of Duqu malware infection. Quick Heal detects it as Trojan.Duqu.
