Windows Zero-Day Exploit Linked to Duqu Worm

A zero-day vulnerability discovered on Tuesday by Microsoft is being targeted by attackers as an open door to spread the Duqu malware.

While Microsoft has given little in the way of information, it sent the following Twitter message on Tuesday morning: "We are working to address a vulnerability believed to be connected to the Duqu malware."

The vulnerability appears to be a hole in Windows shell code that the Duqu malware exploits to install itself, using files stored in a Microsoft Word document, according to Symantec's description (PDF). The Word document is sent to targeted users, who unintentionally launch the malware when they open the attachment.

Little is known about the motivation of the attackers using Duqu, except that Duqu appears to target industrial control systems for information stealing. Symantec disclosed the malware newcomer last month and said it was a close relative to the Stuxnet worm due to the way it operates.

"The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered," wrote Symantec in a blog post. "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party."

Duqu's goal appears to be data gathering, whereas Stuxnet was actually used to disrupt process control systems, specifically those used in Iran's nuclear reactor program. This difference appears to be why Symantec calls Duqu a "precursor" to Stuxnet.

While Symantec sounded the warning call about the new Trojan, Microsoft remained mum about it publicly until this week's tweet. Microsoft said it is working on a fix for the zero-day exploit but didn't give any indication on whether it would be ready for next week's Patch Tuesday release.

Microsoft may not think there's a huge amount of urgency to rush out a fix. A report last month by Microsoft downplayed the threat of zero-day exploits in general. In that report, Microsoft documented that only 0.12 percent of all software exploits in the first half of the year were due to zero-day holes. It's also thought that Duqu doesn't self-replicate and that the number of infected systems has been small so far.


About the Author

Chris Paoli is the site producer for and

