Microsoft Issues Workaround for Duqu Malware

According to an article in ComputerWorld (www.computerworld.com), Microsoft has released a workaround as well as a quick fix to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software (malware).

Duqu is being watched by security researchers closely, as it could exploit a machine in kernel mode through an infected Word document. The document could be sent to a target via an email attachment; opening the document would launch the attack. Duqu is believed to have been created for targeted attacks against organizations.

Microsoft’s workaround for this zero-day flaw involves a few lines of code that run at an administrative command prompt. Installing the workarounds may mean some applications that rely on embedded font technology may not display properly. The workaround is considered by some to be a bit sloppy.

As an alternative, computer users can avoid the malware by not clicking on email attachments or opening them. It is best practice to treat all email attachments as dangerous, especially if the sender is unknown or if you were not expecting an attachment.

Also note that this quick fix is not a security update. Whether or not a patch for this vulnerability will be included in Tuesday’s Security Updates for November is not yet known.

See the advisory and workaround here and the quick fix here.

Advertisements

About MIT
IT Security Awareness Consultant and Communications Specialist at MIT

Comments are closed.

%d bloggers like this: