Microsoft Releases Duqu Workaround, Keeps Mum on Patch Release Timeline
Microsoft has released a temporary workaround for the Duqu Trojan. The Redmond software giant has confirmed that the Trojan affects Windows 7, Vista, XP, and a number of its server operating systems, namely Windows Server 2003 and 2008.
Duqu affliction can occur via an infected Word document that may have been delivered as an email attachment. On an unprotected system, Duqu installs itself and allows the attacker to run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The stop-gap measure currently provided by Microsoft is simple and it prevents access of programs to the T2embed.dll file. In other words, programs will be denied access to embedded fonts after application of the fix. Microsoft has not committed to the timeline of the release of a formal patch for this vulnerability, however, given the gravity of the situation as a large number of its user base is affected by this vulnerability, the company will be expected to release an official patch soon.
The Duqu Trojan is thought to be the successor of Stuxnet which was used in a cyberattack that targeted nuclear plants in Iran early this year. Security researchers have uncovered Duqu's DNA and found it to be very similar to Stuxnet. Just last month, the installer of Duqu was uncovered by researchers at CrySyS and security companies like Norton and Sophos released security advisories on Duqu as it was reported to have surfaced in more than eight countries worldwide.