SOFTWARE HOUSE Microsoft has reacted to reports of the Duqu trojan virus, admitted that it doesn't have a patch yet, but said it has a workaround to mitigate the vulnerability in Windows.
The firm was pinned down over the Duqu attacks earlier this week after Symantec confirmed that a zero-day exploit in Windows was exposing users to the attacks.
"The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. When the file is opened, malicious code executes and installs the main Duqu binaries," wrote Symantec on its security blog.
"The Word document was crafted in such a way as to definitively target the intended receiving organisation... Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilising alternative software."
Microsoft said that it was looking at the problem, and has now reacted. It has released Security Advisory 2639658 that addresses what Microsoft concedes could let someone take admin rights over an attacked system.
"Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," said the firm in a post made last night.
"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware."
The security advisory offers a temporary workaround that requires issuing some commands from an account with system administration privileges. The workaround is reportedly reversible.
Microsoft said that as soon as it completes its investigations it will release a security update. µ
As is stated, this is a kernel mode exploit. It has zero to do with the application itself, or what rights it runs with.
Much like the many kernel exploits that make Linux such an insecure OS, and such a bad idea for anything internet facing.
http://www.zone-h.org/news/id/4737
FYI, compared to an enterprise Linux distribution of the same age, Windows Server has roughly a tenth of the security vulnerabilities (See Secunia.org).
This - a Word doc corrupting the kernel - is simply a side-effect of the power of the Micr0$uck$ LoseDoze Operating System (O/S) that allows any application kernel access. This kind of power comes at a price like this vulnerability, but without it, you wouldn't have the vast capabilities of pretty pictures and fancy plots.
And don't forget all of the other INNOVATIVE features - installing the internet onto the machine, browsing the web, point and click, cut and paste, multitasking - basically all of the things that are so DIFFICULT if not outright IMPOSSIBLE to do with any other O/S.
Good god, people, wake up to what used to be common sense! Problem is this weenie notion of mingling code and data. No way in hell should a "document" be able to take over a computer.
IF, 30 years ago, this -- and hundreds of other needless flaws due to stupid ideas that should never be implemented -- had been known would be the result of M$ incompetence, Bill Gates would have been hanged. M$ doesn't even learn from its mistakes, just covers them with /new/ and bigger ones. Now we're stuck forever at the mercy of greedy idiots. This is how civilization ends, not with a bang but with a kernel exploit.
Windows should really prioritize its security infrastructure.