News

Microsoft Releases Temporary Workaround for Duqu Zero-Day Kernel Issue

Microsoft today released a workaround, documented in Security Advisory 2639658, that will prevent the Duqu malware from entering a targeted system through a Windows kernel issue.

While Microsoft has yet to release a proper patch for this issue, it has outlined that users can deny the malware access to the t2embed.dll library file by deploying the workaround. According to Microsoft, this temporary measure should stop an attacker from remotely accessing a computer through a recently discovered zero-day Windows kernel exploit.

Microsoft has packaged the workaround in a one-click fix that will automatically update the Windows kernel with a few lines of code to stop unauthorized access.

Finally, the advisory stated that Microsoft has released relevant information about the vulnerability to various security software firms.

"To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products," wrote Jerry Bryant, group manager for Microsoft's Trustworthy Computing Group, in a blog post. "This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their antivirus software is up-to-date."

Microsoft acknowledged the zero-day issue on Tuesday, but Bryant said that a permanent fix will not be available in time for next week's Patch Tuesday. Left unaddressed, the flaw could lead to unauthorized remote access to a system.

"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft explained.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.