
Printed from http://www.macnn.com

Microsoft puts out Duqu malware workaround, vows a fix

updated 04:45 pm EDT, Fri November 4, 2011

Exploit could wreck files or alter permissions

Microsoft has confirmed a vulnerability in the Windows kernel that was being used in the Duqu exploit. If exploited, it could let an attacker install apps, change data, or create new accounts with full user rights. Microsoft is working on a full fix and, in the meantime, is offering a workaround for download (a free Fix it tool).

The threat takes advantage of a vulnerability in Microsoft Windows' Win32k TrueType font parsing engine, and lets a hacker run arbitrary code in kernel mode, the deepest level of access.

The workaround does have possible negative side effects. It could prevent apps that rely on embedded TrueType fonts, such as Office documents, browsers and document viewers, from rendering text properly.

Although the threat is real, and there have been instances of computers being exploited, Microsoft said there was "low customer impact at this time." The malware is usually spread through e-mail attachments, but the vulnerability cannot be exploited automatically through the e-mail itself. For an attack to be successful, a user has to open an infected attachment.

Microsoft has not said when a full fix will be available. It could come as soon as next Tuesday with the company's regular update schedule. Microsoft could also wait until next month, or make the fix available sooner through a special update. The Windows developer often puts out updates if it believes there's a major threat from a zero-day exploit. [via Sophos]




by MacNN Staff
