For the last several weeks, the Duqu virus has been alive in the wild. While there had been some speculation as to how it infects systems, Microsoft has now admitted that a zero day flaw in Windows is partially to blame.
In a security advisory issued late Thursday, Microsoft disclosed a previously un-reported Windows flaw. The flaw attacks the TrueType font parsing engine Win32k component.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” Microsoft warned. “The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
To fix the flaw, Microsoft has provided a ‘Fix it’ tool as an immediate workaround to help mitigate the risk of the TrueType font parsing engine. Microsoft has also indicated that they may be providing a security patch update to all of their customers.
Additionally, Microsoft has provide detailed information to participants in the Microsoft Active Protections Program (MAPP). MAPP partners include antivirus and network security firms that can now provide their respective customers with rules and signature updates to protect against the flaw.