Microsoft Issues Workaround for Duqu Attack While It Prepares a Patch

Microsoft has publicized code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an front piece of malicious package still being closely analyzed by security measures researchers.

Microsoft is working on a patch for the exposure in the Win32k TrueType font parsing engine, a component of various Windows operating systems. An attacker could exploit information technology to load malevolent code on a computer in kernel mode.

The exploit can be delivered away a vindictive Microsoft Word document, researchers found. The document could be sent to a place via an e-ring armor attachment; opening the document would set in motion the attack.

Researchers from the Testing ground of Cryptography and System Security (CrySyS) in Magyarorszag located an installer filing cabinet for Duqu and discovered it used the previously unknown Windows vulnerability.

Microsoft's workarounds are a few lines of code that run at an body command prompt. Microsoft warned that installing the workarounds may mean that some applications that rely connected embedded font technology Crataegus oxycantha non exhibit decent. The workarounds put on to Microsoft's XP, Vista and 7 operating systems as well as to various Windows Server products. The company has also publicized a immediate fix that lavatory be downloaded and applied.

Monthly Patches on Tuesday

Microsoft is due to release its monthly patches on Tuesday, but it doesn't appear the company testament fix the Duqu exposure in time. Microsoft likewise occasionally releases "out-of-cycle" patches for major vulnerabilities, just information technology typically does not forecast if it will do then.

Microsoft could claim weeks to direct a patch, aforementioned Costin G. RAIU, theater director of the global research and analysis team for Kaspersky Lab.

"Fixing the vulnerability will require modifying the gist code, which is something identical delicate and risky," Rau said. "Testing the modification and patches will take a set of prison term."

Creating an out-of-cyle patch could take out at to the lowest degree two weeks, Raiu said. It is more likely the patch will exist prepare adjacent month, unless the bug is reverse-engineered and more malware starts using it, atomic number 2 said.

Duqu has been likened to Stuxnet, although reports have differed over whether the two pieces of malware are related.

Stuxnet demonstrated a certain level off of sophistication on the part of its creators, as it installed itself in Windows past exploiting four zero-day vulnerabilities — ones that are exploited before the vendor is aware of it and able to develop a patch.

Duqu is also viewed as advanced, since development of a kernel-level problem would enable it to better fudge antivirus software. Duqu is believed to have been created for targeted attacks against organizations.

"We are aware of targeted attacks that try to use the reportable vulnerability; overall, we find out low customer impact at this time," Microsoft aforementioned in an advisory posted late Thursday.

Despite Microsoft's downplaying of the lay on the line, infections have been detected worldwide, including France, the Netherlands, Switzerland, Ukrayina, Republic of India, Iran, Sudan and Vietnam, according to security seller Symantec. Another incidents birth occurred in Austria, Hungary, Indonesia and the U.K.

Chester Wisniewski, a senior security consultant at security vendor Sophos in Canada, wrote on a company blog that it's "pretty serious bug."

"I expect Microsoft won't waste likewise much time acquiring a fix out for this one," he wrote.

(IDG News program Service newswriter Lucian Constantin contributed to this story.)

Send news tips and comments to jeremy_kirk@idg.com

Source: https://www.pcworld.com/article/477970/microsoft_issues_workaround_for_duqu_attack_while_it_prepares_a_patch.html

Posted by: jacksoncomusn.blogspot.com

Share this post