Windows Zero-Day Exploit Linked to Duqu Worm

A zero-day vulnerability discovered on Tuesday by Microsoft is being targeted by attackers as an open door to spread the Duqu malware.

While Microsoft has given little in the way of information, it sent the following Twitter message on Tuesday morning: "We are working to address a vulnerability believed to be connected to the Duqu malware."

The vulnerability appears to be a hole associated with the Windows shell code that is exploited by the Duqu malware, which installs itself using files embedded in a Microsoft Word document, according to Symantec's description (PDF). The Word document is sent to system users, who unintentionally trigger the malware's installation when they open the attached document.

Little is known about the motivation of the attackers using Duqu, except that Duqu appears to target industrial control systems for information stealing. Symantec disclosed the malware newcomer last month and said it was a close relative to the Stuxnet worm due to the way it operates.

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," wrote Symantec in a blog post. "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."

Duqu's goal appears to be data gathering, whereas Stuxnet was actually used to disrupt process control systems, specifically those used in Iran's nuclear reactor program. This difference appears to be why Symantec calls Duqu a "precursor" to Stuxnet.

While Symantec sounded the warning call about the new Trojan, Microsoft remained mum about it publicly until this week's tweet. Microsoft said it is working on a fix for the zero-day exploit but didn't give any indication on whether it would be ready for next week's Patch Tuesday release.

Microsoft may not think there's a huge amount of urgency to rush out a fix. A report last month by Microsoft downplayed the threat of zero-day exploits in general. In that report, Microsoft documented that only 0.12 percent of all software exploits in the first half of the year were due to zero-day holes. It's also thought that Duqu doesn't self-replicate and that the number of infected systems has been small so far.


About the Author

Chris Paoli is the site producer for and
