Duqu-linked privilege flaw discovered in Windows

The Redmond software giant says that an attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode, allowing them to “install programs; view, change, or delete data; or create new accounts with full user rights.”

“We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware”, said Microsoft in its advisory, adding that it may include an update in its monthly Patch Tuesday process.

Ziv Mador, a security researcher with M86 Security's Israel operation, has picked up on the issue: while only a handful of targeted attacks have been found, he said, the vulnerability affects most Windows versions, including Windows 7.

“An attack involves a file which has a maliciously crafted TrueType font file (TTF) embedded in it. There are several file formats that use TrueType fonts, for example, file formats of Microsoft Office and Adobe Acrobat Reader. In the currently known targeted attacks, a Microsoft Word document was used”, he wrote in his latest security posting.

Mador reports that once such a document is rendered on a vulnerable system, parsing the embedded TTF may end in execution of the attacker's code. The good news, he noted, is that Microsoft has issued a FixIt tool as a workaround.

The tool, he said, denies access to the system file T2embed.dll so that embedded TrueType fonts are no longer processed, although he adds that applications which rely on those fonts may break once the workaround is deployed.
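For administrators who would rather script the workaround than run the FixIt, the following is an added example (not the article's, not Microsoft's FixIt) that applies, verifies and rolls back the same measure: a Deny ACE for Everyone on t2embed.dll. It assumes the FixIt's effect can be reproduced with icacls, that on 64-bit Windows the SysWOW64 copy should be covered too, and that an elevated prompt is used; the function names and the `-Action` parameter are this example's own.

```powershell
<#
  Added example, not from the article or from Microsoft's FixIt.
  Denies all access to t2embed.dll (the file the article names) so that
  embedded-TrueType processing cannot load it, checks the result, and
  removes the Deny ACE again. Run from an elevated (Administrator) prompt.
  Assumptions: a Deny(Full) ACE for Everyone (SID S-1-1-0) set with icacls
  matches the FixIt's effect; on 64-bit Windows the SysWOW64 copy is
  covered as well. Function names below are this example's own.
  Usage:  .\t2embed-workaround.ps1 -Action Apply | Verify | Remove
#>
param(
    [ValidateSet('Apply', 'Verify', 'Remove')]
    [string]$Action = 'Verify'
)

$EveryoneSid = 'S-1-1-0'

function Get-T2embedPath {
    # Both copies of the DLL that can be loaded on the machine.
    $paths = @(Join-Path $env:windir 'System32\t2embed.dll')
    if ([Environment]::Is64BitOperatingSystem) {
        $paths += Join-Path $env:windir 'SysWOW64\t2embed.dll'
    }
    return $paths | Where-Object { Test-Path $_ }
}

function Test-T2embedDenied([string]$Path) {
    # Behavioural check: with the Deny ACE in place even an administrator
    # cannot open the file for reading, which is exactly what the workaround
    # relies on. Returns $true when access is denied.
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        $fs.Close()
        return $false
    } catch [System.UnauthorizedAccessException] {
        return $true
    }
}

foreach ($dll in Get-T2embedPath) {
    switch ($Action) {
        'Apply' {
            # Add a Deny(Full) ACE for Everyone; existing ACEs are left intact.
            icacls $dll /deny "*${EveryoneSid}:(F)" | Out-Null
            if (-not (Test-T2embedDenied $dll)) { throw "Deny ACE not effective on $dll" }
            Write-Host "Access to $dll denied (workaround active)"
        }
        'Remove' {
            # Roll back: strip only the Deny ACEs that belong to Everyone.
            icacls $dll /remove:d "*${EveryoneSid}" | Out-Null
            if (Test-T2embedDenied $dll) { throw "Deny ACE still present on $dll" }
            Write-Host "Access to $dll restored (workaround removed)"
        }
        'Verify' {
            if (Test-T2embedDenied $dll) {
                Write-Host "$dll : DENIED (workaround active)"
            } else {
                Write-Host "$dll : accessible (workaround NOT active)"
            }
            icacls $dll   # show the current ACL for the record
        }
    }
}
```

Because the file is owned by TrustedInstaller, the ACL change is best made and undone with icacls rather than Set-Acl, and it may be reset by servicing; re-run `-Action Verify` after patching. As the article notes, anything that relies on embedded fonts will fail while the Deny ACE is in place, so remove it once the fix is installed.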

“In the known attacks, the installed malware is known as Duqu. The Laboratory of Cryptography and System Security (CrySyS) at Budapest University first reported these attacks and they were thoroughly investigated by that team”, he concluded.
