Posted by Solutions Center on Fri, Nov 04, 2011

Microsoft has announced a fix for a recently discovered vulnerability that malware is already exploiting in the wild. The fix is a temporary measure that addresses the problem while Microsoft takes the time to build a patch and release it during a regular patch cycle. The next patch release is Tuesday, and they will probably not have enough time to build a patch for that release. The advisory can be found here, which also lists where to go to apply the fix until a patch is released.
The vulnerability affects the Win32k TrueType font parsing agent, which, when passed a specially crafted document, can allow an attacker kernel-level access to an affected computer. It affects all versions of Windows from XP through Windows 7. Microsoft has released information to security firms on how to detect attempts to exploit the flaw. The first malware discovered to be using this flaw was the Duqu virus.
The Duqu virus is a very specific program that appears to have been targeted at a single company, and the installer was said to have had an 8-day install window. The program was distributed via a Word document and is said to affect a small number of companies in about 8 countries. While this specific instance should not be a concern to most users, the fact that this exploit is in the wild and proven is something to be concerned about.
Again, the most important thing to remember with all reports such as this is to make sure your antivirus programs and operating systems are always up to date. I can’t stress enough the importance of making sure updates are done regularly. This case shows that within hours of confirming the exploit, Microsoft had released information not only on how to close the hole temporarily but had also given the makers of security software the means to identify valid infections that use this exploit.
