Microsoft Releases Duqu Workaround, Keeps Mum on Patch Release Timeline


Microsoft Releases Duqu Workaround, Keeps Mum on Patch Release Timeline

Microsoft has released a temporary workaround for the Duqu Trojan. The Redmond software giant has confirmed that the Trojan affects Windows 7, Vista, XP, and a number of its server operating systems, namely Windows Server 2003 and 2008.

Duqu affliction can occur via an infected Word document that may have been delivered as an email attachment. On an unprotected system, Duqu installs itself and allows the attacker to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The stop-gap measure currently provided by Microsoft is simple and it prevents access of programs to the T2embed.dll file. In other words, programs will be denied access to embedded fonts after application of the fix. Microsoft has not committed to the timeline of the release of a formal patch for this vulnerability, however, given the gravity of the situation as a large number of its user base is affected by this vulnerability, the company will be expected to release an official patch soon.

The Duqu Trojan is thought to be the successor of Stuxnet which was used in a cyberattack that targeted nuclear plants in Iran early this year. Security researchers have uncovered Duqu's DNA and found it to be very similar to Stuxnet. Just last month, the installer of Duqu was uncovered by researchers at CrySyS and security companies like Norton and Sophos released security advisories on Duqu as it was reported to have surfaced in more than eight countries worldwide.

Source: The Verge, Microsoft

All News Categories

News for Past 12 Months

Subscribe to HWZ Here!

Subscribe now to receive latest tech news, articles and promotions straight to your inbox!
 
 
By signing up, you indicate that you have read and agreed to the and .