Microsoft releases Duqu bot workaround
Microsoft has released further information on a recently disclosed hole in the Windows kernel that is being exploited by the Duqu worm. The company says that the hole is contained in the Win32k TrueType font parsing engine. Attackers can exploit this security vulnerability to execute arbitrary code in kernel mode.
In a security advisory, Microsoft describes a workaround that allows users to protect themselves. To make it easy for customers to install, the company has also set up a Fix-it support page that offers a one-click tool for the workaround. Both solutions prevent the system from accessing the vulnerable T2embed.dll file.
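To confirm that the workaround is in place on a machine, a defender can inspect the access control list on the file. The PowerShell below is an added example, not taken from this article, from Microsoft's advisory text or from the Fix-it tool. It assumes the workaround takes the form of a Deny entry for the Everyone group on T2embed.dll in the Windows system directories, and the function name Test-T2EmbedDenied is hypothetical.

```powershell
# Added example: audit whether access to T2embed.dll is blocked.
# Assumption: the workaround is a Deny ACE for Everyone (SID S-1-1-0) on the DLL.
function Test-T2EmbedDenied {
    param(
        # Candidate locations (assumed); SysWOW64 exists only on 64-bit Windows.
        [string[]]$Path = @(
            (Join-Path $env:windir 'System32\t2embed.dll'),
            (Join-Path $env:windir 'SysWOW64\t2embed.dll')
        )
    )
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $needed  = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

    foreach ($file in $Path) {
        if (-not (Test-Path -LiteralPath $file)) {
            # Nothing to protect at this location.
            [pscustomobject]@{ Path = $file; Present = $false; Status = 'NotPresent' }
            continue
        }
        try {
            $acl = Get-Acl -LiteralPath $file -ErrorAction Stop
            # Ask for SIDs rather than names so the check works on localized systems.
            $rules = $acl.GetAccessRules($true, $true, $sidType)
            $deny = $rules | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.IdentityReference.Value -eq 'S-1-1-0' -and
                ($_.FileSystemRights -band $needed) -eq $needed
            }
            $status = if ($deny) { 'Denied' } else { 'NotDenied' }
        } catch {
            # The ACL could not be read with the current token; report it rather
            # than guessing, and re-run from an elevated session.
            $status = 'AclUnreadable'
        }
        [pscustomobject]@{ Path = $file; Present = $true; Status = $status }
    }
}

Test-T2EmbedDenied | Format-Table -AutoSize
```

A status of NotDenied on a present file means the assumed Deny entry is missing at that location; AclUnreadable needs a manual check before the host is counted either way.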
Microsoft is still working on a security update. However, the company said that the update will not be ready in time for its upcoming monthly patch day, known as Patch Tuesday, next week. On the Microsoft Security Response Center's official blog, company spokesperson Jerry Bryant said that this is because the risk for users is low.
Microsoft has also announced that it will release four security bulletins, one of which is rated as critical, on this month's Patch Tuesday, 8 November. The updates will address remote code execution, privilege escalation and denial-of-service (DoS) vulnerabilities in Windows, and will require users to restart their systems.
- Microsoft Security Bulletin Advance Notification for November 2011, security advisory from Microsoft.