SOFTWARE HOUSE Microsoft has reacted to reports of the Duqu trojan virus, admitted that it doesn't have patch yet, but said it has a workaround to mitigate the vulnerability in Windows.
The firm was pinned down over the Duqu attacks earlier this week after Symantec confirmed that a zero-day exploit in Windows was exposing users to the attacks.
"The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. When the file is opened, malicious code executes and installs the main Duqu binaries," wrote Symantec on its security blog.
"The Word document was crafted in such a way as to definitively target the intended receiving organisation... Unfortunately, no robust workarounds exist at this time other than following best practices, such as avoiding documents from unknown parties and utilising alternative software."
Microsoft said that it was looking at the problem, and has now reacted. It has released Security Advisory 2639658 that addresses what Microsoft concedes could let someone take admin rights over an attacked system.
"Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," said the firm in a post made last night.
"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware."
The security advisory offers a temporary workaround that requires issuing some commands using an account that has system administration privileges. The workaround reportedly is reversible.
Microsoft said that as soon as it completes its investigations it will release a security update. µ
Sign up for INQbot – a weekly roundup of the best from the INQ