As reported previously, last month saw Symantec reporting the discovery of malware threat that has strong similarities to the Stuxnet malware that hit the headlines this time last year. As with the original Stuxnet code, the vendor published an in-depth report on the malware, which bears a strong similarity to the original and may have been developed using the Stuxnet source code.
In the aftermath of a flurry of reports, some sources had noted that Duqu exploited a new vulnerability in Windows, something that Microsoft has now acknowledged, and released a stopgap fix for.
According to security researcher Brian Krebs, the critical vulnerability resides in most supported versions of Windows, including Windows XP, Vista and Windows 7. The problem, he asserts, stems from the way Windows parses certain font types.
“Microsoft says it is aware of targeted attacks exploiting this flaw, but that it believes few users have been affected”, he says in his latest security posting, adding that the flaw is a potentially dangerous one, as Microsoft says that an attacker who successfully exploited this vulnerability could run arbitrary code, install programs; view, change, or delete data; or create new accounts with full user rights.
The most likely vehicle for the exploit is a poisoned email attachment, he notes in his latest security posting.
Microsoft, says the Krebs on Security newswire researcher, is working on developing an official security update to fix the flaw – and for now, has released a point-and-click Fixit tool that allows Windows users to disable the vulnerable component.
“Enabling this tweak may cause fonts in some applications to display improperly. If you experience problems after applying the Fixit solution, you can always undo it by clicking `disable' image in the Microsoft advisory and following the prompts”, he adds.