Microsoft announces workaround for the Duqu exploit

Microsoft has posted Security Advisory 2639658 to address the recently disclosed Windows kernel vulnerability (CVE-2011-3402) exploited by the Duqu malware.

Microsoft has determined that the flaw is in the processing of embedded TrueType fonts (TTFs). According to Microsoft:
“The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

That’s a pretty serious bug. In the terms security professionals use, it allows both remote code execution (RCE) and elevation of privilege (EoP).

Microsoft is working diligently to provide a patch and has offered a FixIt download tool that will disable support for embedded TTFs to provide protection against the flaw.

The drawback is that any application relying on embedded TTFs will no longer render them properly. Embedding fonts is a common practice in Microsoft Office documents, browsers and document viewers.

We suggest that users apply this workaround if they find any traces of Duqu malware infection. Quick Heal detects it as Trojan.Duqu.

Vishal Dodke
