Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.
The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers via a Word document.
“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” the advisory warned. “The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Detailed information on how to build detection into security software has been shared with partner companies, which will soon issue software updates to combat the issue, Jerry Bryant, group manager of Microsoft’s Response Communications and Trustworthy Computing groups,said in a blog post .
“This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability,” he wrote. “Therefore, we encourage customers to ensure their antivirus software is up-to-date.”
The Word document containing the Duqu installer was created to target a specific organization and to only install during an eight-day window in August, Symantec said. It’s unclear how widespread Duqu is. Symantec has traced infections within six organizations in eight countries: France, Netherlands, Switzerland, Ukraine, India, Iran, Sudan and Vietnam.