Microsoft expected to offer hot fix for Duqu soon

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/news/2011/110311-microsoft-duqu-252736.html

By Julie Bort
Network World
November 03, 2011

The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet" 
- but researchers don't expect Microsoft to include a patch for it in 
next week's Patch Tuesday. Instead, a manual fix could be out as soon as 
this week.

"While many dispute the threat imposed by this bug, no one disputes the 
risk of the Day Zero Vulnerability in Microsoft software that it takes 
advantage of. The vulnerability is exploited through a malicious Word 
document - when the user opens the document, a Zero Day Kernel 
Vulnerability is taken advantage of to execute malicious code. Microsoft 
did not issue a patch this cycle but an advisory will likely be released 
today or tomorrow with a link to a 'Fix It' hot fix. This means that 
user intervention will be required, as a hot fix cannot be pushed out to 
the entire network," says Paul Henry, security and forensic analyst for 
patch vendor Lumension.

Duqu is worrisome because it installs a keystroke logger and then can 
replicate itself, even across secure networks, using the passwords 
obtained. It communicates with other servers across the Internet, giving 
hackers access. The malware will remove itself after 30 days.

The Microsoft Security team has been mostly mum on Duqu, with the 
exception of acknowledging the threat in a tweet Tuesday that simply 
said, "We are working to address a vulnerability believed to be 
connected to the Duqu malware."

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn