Microsoft issues workaround for Duqu attack while it prepares a patch

The temporary fix may affect some applications using embedded fonts, Microsoft said

Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software still being closely analyzed by security researchers.

Microsoft is working on a patch for the vulnerability in the Win32k TrueType font parsing engine, a component of various Windows operating systems. An attacker could exploit it to load malicious code on a computer in kernel mode.

The exploit can be delivered by a malicious Microsoft Word document, researchers found. The document could be sent to a target via an e-mail attachment; opening the document would launch the attack.

Researchers from the Laboratory of Cryptography and System Security (CrySyS) in Hungary located an installer file for Duqu and discovered it used the previously unknown Windows vulnerability.

Microsoft's workarounds are a few lines of code that run at an administrative command prompt. Microsoft warned that installing the workarounds may mean that some applications that rely on embedded font technology may not display properly. The workarounds apply to Microsoft's XP, Vista and 7 operating systems as well as to various Windows Server products. The company has also published a quick fix that can be downloaded and applied.

Microsoft is due to release its monthly patches on Tuesday, but it doesn't appear the company will fix the Duqu vulnerability in time. Microsoft also occasionally releases "out-of-cycle" patches for major vulnerabilities, but it typically does not forecast if it will do so.

Microsoft could take weeks to engineer a patch, said Costin G. Raiu, director of the global research and analysis team for Kaspersky Lab.

"Fixing the vulnerability will require modifying the kernel code, which is something very delicate and risky," Raiu said. "Testing the modification and patches will take a lot of time."

Creating an out-of-cycle patch could take at least two weeks, Raiu said. It is more likely the patch will be ready next month, unless the bug is reverse-engineered and more malware starts using it, he said.

Duqu has been likened to Stuxnet, although reports have differed over whether the two pieces of malware are related.

Stuxnet demonstrated a certain level of sophistication on the part of its creators, as it installed itself in Windows by exploiting four zero-day vulnerabilities -- flaws that are exploited before the vendor is aware of them and able to develop a patch.

Duqu is also viewed as advanced, since exploitation of a kernel-level problem would enable it to better evade antivirus software. Duqu is believed to have been created for targeted attacks against organizations.

"We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time," Microsoft said in an advisory posted late Thursday.

Despite Microsoft's downplaying of the risk, infections have been detected worldwide, including in France, the Netherlands, Switzerland, Ukraine, India, Iran, Sudan and Vietnam, according to security vendor Symantec. Other incidents have occurred in Austria, Hungary, Indonesia and the U.K.

Chester Wisniewski, a senior security advisor at security vendor Sophos in Canada, wrote on a company blog that it's a "pretty serious bug."

"I expect Microsoft won't waste too much time getting a fix out for this one," he wrote.

(IDG News Service correspondent Lucian Constantin contributed to this story.)

Send news tips and comments to jeremy_kirk@idg.com


Tags: patches, Microsoft, security, Exploits / vulnerabilities


Jeremy Kirk

IDG News Service