Microsoft issues temporary fix for critical Windows hole

Workaround targets vulnerability being exploited by the Stuxnet-like Duqu Trojan infecting computers via a Word document.

Countries with reported Duqu infections. Red represents confirmed infections, orange represents unconfirmed reports.
Countries with reported Duqu infections. Red represents confirmed infections, orange represents unconfirmed reports. Symantec

Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.

The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware , a Stuxnet-like Trojan infecting computers via a Word document.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the advisory warned. "The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Detailed information on how to build detection into security software has been shared with partner companies, which will soon issue software updates to combat the issue, Jerry Bryant, group manager of Microsoft's Response Communications and Trustworthy Computing groups, said in a blog post .

"This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability," he wrote. "Therefore, we encourage customers to ensure their antivirus software is up-to-date."

The Word document containing the Duqu installer was created to target a specific organization and to only install during an eight-day window in August, Symantec said. It's unclear how widespread Duqu is. Symantec has traced infections within six organizations in eight countries: France, Netherlands, Switzerland, Ukraine, India, Iran, Sudan and Vietnam.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Point-and-shoot quality with your phone?

Upgrade your camera photo game with these great additions.