ID: IRCNE2011111306
Date: 2011-11-06
According to "zdnet", Microsoft has shipped an advisory to formally confirm the zero-day vulnerability used in the Duqu malware attack and is offering a temporary “fix-it” workaround to help Windows users block future attacks.
The vulnerability affects the Win32k TrueType font parsing engine and allows hackers to run arbitrary code in kernel mode, Microsoft said in its security advisory.
The company also confirmed my earlier report that this vulnerability will NOT be patched as part of this month’s Patch Tuesday bulletins.
The advisory includes a pre-patch workaround that can be applied to any Windows system.
To make it easy for customers to install, Microsoft released a fix-it that will allow one-click installation of the workaround and an easy way for enterprises to deploy. The one-click workaround can be found at the bottom of this KB article.
Microsoft explained that the Duqu malware exploit targets a problem in one of the T2EMBED.DLL, which called by the TrueType font parsing engine in certain circumstances. The workaround effectively denies access to T2EMBED.DLL, causing the exploit to fail.
According to Symantec, the Duqu zero-day vulnerability was exploited via a rigged Word .doc and gave the hackers remote code execution once the file was opened.
- 2