Microsoft Details Duqu Workaround

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Details Duqu Workaround


Patch Tuesday next week wont have a fix for the newly discovered zero-day vulnerability, but Microsoft says it will deliver one as soon as it can.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
Microsoft on Thursday confirmed the existence of a new Windows zero-day vulnerability and said its investigating the flaw and will patch it as soon as possible.
Existence of the previously unknown vulnerability surfaced after researchers began studying the recently discovered
Duqu malware
, which appears to have been designed to
steal industrial control design documents
. By exploiting the zero-day vulnerability, the industrial espionage malware would have the ability to infect Windows PCs without being detected.
Microsoft said the zero-day vulnerability exploited by Duqu involves a font parsing flaw in the TrueType engine in 32-bit versions of Windows. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights, according to Microsofts
security advisory
.
[ Learn more. Read
What Is Duqu Up To?
]
Thats a pretty serious bug, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a
blog post
. In the terms security professionals usually use that means it has the ability for remote code execution and elevation of privilege.
One piece of good news is that the vulnerability cant be automatically exploited--for example, simply by receiving a malicious email--but would require some user interaction. For an attack to be successful, a user must open an attachment that is sent in an email message, said Microsoft. At that point, however, the malware could be detected, blocked, and eliminated by antivirus engines.
In lieu of an outright fix, Microsoft has detailed a workaround, which involves disabling support for embedded TrueType fonts. Microsofts advisory includes a link to a fix it tool, which will disable system access to the vulnerable operating system component, which is the T2embed.dll file. We recommend applying the workaround, but organizations should explore the impact that the diminished rendering capacity will have on normal document processing and Web browsing, said Wolfgang Kandek, CTO of Qualys, in a
blog post
.
As that suggests, the workaround may cause Microsoft Office applications to incorrectly render documents with embedded TrueType fonts. Microsoft said that it will release a patch as soon as it can develop one, meaning it could come packaged as part of its December set of patch releases, or even sooner via an out-of-band patch.
A fix for the flaw wont, however, be part of next weeks monthly set of patch releases. On Thursday, Microsoft announced that it will release
patches for four bugs
involving Vista, Windows 7, Windows XP, Server 2003 SP2, and 2008 Server R2. Only one of the patches is rated as critical, meaning that it could be remotely exploited without user intervention. Per normal practice, Microsoft wont detail the exact products to be patched, or the flaws in question, until it releases the actual patches.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Details Duqu Workaround