
Windows Zero-Day Exploit Linked to Duqu Worm

A zero-day vulnerability discovered on Tuesday by Microsoft is being targeted by attackers as an open door to spread the Duqu malware.

While Microsoft has given little in the way of information, it sent the following Twitter message on Tuesday morning: "We are working to address a vulnerability believed to be connected to the Duqu malware."

The vulnerability appears to be a hole associated with the Windows shell code that is exploited by the Duqu malware, which installs itself using files embedded in a Microsoft Word document, according to Symantec's description (PDF). The Word document is sent to targeted users, who unintentionally trigger the infection by opening the attached document.

Little is known about the motivation of the attackers using Duqu, except that Duqu appears to target industrial control systems for information stealing. Symantec disclosed the malware newcomer last month and said it was a close relative to the Stuxnet worm due to the way it operates.

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," wrote Symantec in a blog post. "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."

Duqu's goal appears to be data gathering, whereas Stuxnet was actually used to disrupt process control systems, specifically those used in Iran's nuclear reactor program. This difference appears to be why Symantec calls Duqu a "precursor" to Stuxnet.

While Symantec sounded the warning call about the new Trojan, Microsoft remained mum about it publicly until this week's tweet. Microsoft said it is working on a fix for the zero-day exploit but gave no indication of whether it would be ready for next week's Patch Tuesday release.

Microsoft may not think there's a huge amount of urgency to rush out a fix. A report last month by Microsoft downplayed the threat of zero-day exploits in general. In that report, Microsoft documented that only 0.12 percent of all software exploits in the first half of the year were due to zero-day holes. It's also thought that Duqu doesn't self-replicate and that the number of infected systems has been small so far.


About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
