Critical Infrastructure Security, Threat Management, Malware, Network Security

Microsoft issues workaround for Duqu malware

Microsoft on Thursday confirmed the Windows kernel flaw that Duqu, the so-called "son of Stuxnet" trojan, uses to install itself, and issued a temporary fix to block attacks attempting to exploit the flaw.

The vulnerability, which affects the Win32k TrueType font parsing engine, a component of Windows, could be exploited by an attacker to run arbitrary code on an affected machine in kernel mode, the most privileged level of the operating system, according to Microsoft's advisory.

The Redmond, Wash.-based computing giant is working to develop a permanent fix, which it expects to release as part of its regular security update cycle, though it will not be ready for this month's bulletin release.

In the meantime, Microsoft released a "Fix it" solution that allows for the one-click installation of a workaround on affected Windows systems. Additionally, Microsoft provided security software companies with detailed information on how to equip their products with detection for attacks that aim to exploit the vulnerability.

“It's important to note that the associated risk is minimal for the public,” Jerry Bryant, group manager of response communications at Microsoft Trustworthy Computing, told SCMagazineUS.com in an email Thursday night EST. “Microsoft and our industry partners encourage customers to ensure their anti-virus software is up to date, as we continue to work toward a solution for this issue.”

The flaw came to light earlier this week following additional analysis of Duqu, an information-stealing trojan that, according to experts, shares much of its code with the notorious Stuxnet worm.

The trojan, which contains a dropper program that exploits the Windows kernel bug, likely was created to conduct reconnaissance of targeted industrial control systems, and may be a precursor to another Stuxnet-like attack, experts have warned.

There is some debate, however, over whether Duqu should be considered as worrisome as Stuxnet. Some researchers have said that none of Duqu's code is written specifically for industrial control systems, unlike Stuxnet.
