Microsoft Releases Temporary Workaround for Duqu Zero-Day Kernel Issue
Microsoft today released a workaround, documented in Security Advisory 2639658, that will prevent the Duqu malware from entering a targeted system through a Windows kernel issue.
While Microsoft has yet to release a proper patch for this issue, it has outlined that users can deny the malware access to the t2embed.dll library file by deploying the workaround. According to Microsoft, this temporary measure should stop an attacker from remotely accessing a computer through a recently discovered zero-day Windows kernel exploit.
Microsoft has packaged the workaround in a one-click fix that will automatically update the Windows kernel with a few lines of code to stop unauthorized access.
Finally, the advisory stated that Microsoft has released relevant information about the vulnerability to various security software firms.
"To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products," wrote Jerry Bryant, group manager for Microsoft's Trustworthy Computing Group, in a blog post. "This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their antivirus software is up-to-date."
Microsoft acknowledged the zero-day issue on Tuesday, but Bryant said that a permanent fix will not be available in time for next week's Patch Tuesday. Left unaddressed, the flaw could lead to unauthorized remote access to a system.
"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft explained.