News

Microsoft Releases Temporary Workaround for Duqu Zero-Day Kernel Issue

Microsoft today released a workaround, documented in Security Advisory 2639658, that will prevent the Duqu malware from entering a targeted system through a Windows kernel issue.

While Microsoft has yet to release a proper patch for this issue, it has outlined that users can deny the malware access to the t2embed.dll library file by deploying the workaround. According to Microsoft, this temporary measure should stop an attacker from remotely accessing a computer through a recently discovered zero-day Windows kernel exploit.

Microsoft has packaged the workaround in a one-click fix that will automatically update the Windows kernel with a few lines of code to stop unauthorized access.

Finally, the advisory stated that Microsoft has released relevant information about the vulnerability to various security software firms.

"To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products," wrote Jerry Bryant, group manager for Microsoft's Trustworthy Computing Group, in a blog post. "This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their antivirus software is up-to-date."

Microsoft acknowledged the zero-day issue on Tuesday, but Bryant said that a permanent fix will not be available in time for next week's Patch Tuesday. Left unaddressed, the flaw could lead to unauthorized remote access to a system.

"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft explained.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Issues Windows Server HTTP/2 Attack Advisory

    Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.

  • Performing a Storage Refresh on Windows Server 2016, Part 2

    Earlier, Brien walked through the steps of preparing a physical Windows Server 2016 machine for a storage refresh. Now, he shows how to complete the process, all the way to OS restoration.

  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

  • Microsoft Warns .NET Core 1.0 and 1.1 Losing Support in June

    Microsoft gave notice this week that .NET Core 1.0 and 1.1 will fall out of support on June 27, 2019.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.