TechTarget

Microsoft issues temporary fix for Windows flaw exploited by Duqu Trojan

Microsoft has issued a temporary fix for a Windows vulnerability being exploited by the Duqu Trojan.

Microsoft has issued a temporary fix for a Windows vulnerability being exploited by the Duqu Trojan.

A flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7, Microsoft said in a security advisory.

The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers through a Word document. "An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the advisory warns.

Microsoft said it is aware of targeted attacks that try to use the reported vulnerability, but that overall customer impact is currently low.

Microsoft has shared detailed information on how to build detection into security software with partner companies, which will soon issue software updates to combat the issue, Jerry Bryant, group manager of Microsoft's Response Communications and Trustworthy Computing groups, said in a blog post.

"This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability," Bryant wrote. "Therefore, we encourage customers to ensure their antivirus software is up-to-date."

The security advisory said that on completion of the investigation into the vulnerability, Microsoft may provide a security update through the monthly release process or provide an out-of-cycle security update, depending on customer needs.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close