
Microsoft issues workaround for Duqu attack

Temporary fix may affect some applications using embedded fonts, Microsoft said


Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software still being closely analysed by security researchers.

Microsoft is working on a patch for the vulnerability in the Win32k TrueType font parsing engine, a component of various Windows operating systems. An attacker could exploit it to load malicious code on a computer in kernel mode.

The exploit can be delivered by a malicious Microsoft Word document, researchers found. The document could be sent to a target via an email attachment; opening the document would launch the attack.

Researchers from the Laboratory of Cryptography and System Security (CrySyS) in Hungary located an installer file for Duqu and discovered it used the previously unknown Windows vulnerability.

Microsoft's workarounds are a few lines of code that run at an administrative command prompt. Microsoft warned that installing the workarounds may mean that some applications that rely on embedded font technology may not display properly. The workarounds apply to Microsoft's XP, Vista and 7 operating systems as well as to various Windows Server products. The company has also published a quick fix that can be downloaded and applied.

Microsoft is due to release its monthly patches tomorrow, but it doesn't appear the company will fix the Duqu vulnerability in time. Microsoft also occasionally releases "out-of-cycle" patches for major vulnerabilities, but it typically does not forecast if it will do so.

Microsoft could take weeks to engineer a patch, said Costin G Raiu, director of the global research and analysis team for Kaspersky Lab.

"Fixing the vulnerability will require modifying the kernel code, which is something very delicate and risky," Raiu said. "Testing the modification and patches will take a lot of time."

Creating an out-of-cycle patch could take at least two weeks, Raiu said. It is more likely the patch will be ready next month, unless the bug is reverse-engineered and more malware starts using it, he said.

Duqu has been likened to Stuxnet, although reports have differed over whether the two pieces of malware are related.

Stuxnet demonstrated a certain level of sophistication on the part of its creators, as it installed itself in Windows by exploiting four zero-day vulnerabilities - ones that are exploited before the vendor is aware of them and able to develop a patch.

Duqu is also viewed as advanced, since exploitation of a kernel-level problem would enable it to better evade antivirus software. Duqu is believed to have been created for targeted attacks against organisations.

"We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time," Microsoft said in an advisory posted late Thursday.

Despite Microsoft's downplaying of the risk, infections have been detected worldwide, including France, the Netherlands, Switzerland, Ukraine, India, Iran, Sudan and Vietnam, according to security vendor Symantec. Other incidents have occurred in Austria, Hungary, Indonesia and the UK.

Chester Wisniewski, a senior security advisor at security vendor Sophos in Canada, wrote on a company blog that it's a "pretty serious bug."

"I expect Microsoft won't waste too much time getting a fix out for this one," he wrote.
