Microsoft releases Duqu malware vulnerability workaround, patch status unknown

Microsoft has released a temporary fix to protect Windows users from the recently discovered Duqu malware, though it’s keeping mum on the timeline for a permanent solution. Thought to be based on the same source code as last year’s Stuxnet worm, Duqu preys on a previously unknown vulnerability in the Win32k TrueType font engine that allows malicious individuals to run code on a user’s machine in kernel mode. Installing programs, backdoors, deleting data, and creating entirely new user profiles with full rights are all possible, and simply opening an infected Word document from an email could launch an attack. Symantec claims Duqu infections have already been discovered in eight countries, and Microsoft confirms the exploit is present in Windows 7, Vista, XP, and several of its server products.

Fortunately, the workaround is relatively simple — just a few lines entered at the command prompt, with a downloadable version also available — but it’s most certainly not a long-term fix, as it removes the ability for applications to use embedded fonts altogether. Microsoft’s playing coy with the status of a formal patch, though, only saying that it will “take the appropriate action to help protect our customers,” and that such steps may included a more formal security update at some point down the line. With such an embarrassing exploit leaving so many users open to attack, we expect Microsoft will roll out a formal security update as soon as possible. Check out the source links below to implement Microsoft’s stop-gap solution.