Microsoft Released Emergency Patch To Block Duqu Zero-Day Exploit
Microsoft has released an emergency patch to fix the newly found zero-day exploit in the Windows kernel. The attack, discovered by Hungarian researchers, exploits a vulnerability in Windows' TrueType font engine. A full fix for the problem is still pending, and will not be part of Microsoft's "Patch Tuesday" fixes for November. In the company's security advisory, Microsoft said that attackers exploiting the TrueType vulnerability—which Duqu exploited through a Microsoft Word document—could gain access to the Windows kernel and run shell code. "The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft's statement said.
As a temporary workaround, Microsoft recommends shutting off access to T2EMBED.DLL, the dynamic link library that allows applications to display TrueType fonts. While the fix will prevent attacks, it also means that fonts won't display properly in applications. But Microsoft's security team sees the threat from Duqu as limited, stating that "overall, we see low customer impact at this time."
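An administrator can audit whether the workaround is in place on a given machine. The PowerShell below is an added example, not taken from Microsoft's advisory or the original article; it assumes the workaround is applied as a Deny access-control entry for Everyone (SID S-1-1-0) on the DLL, and the function name `Test-T2EmbedDenied` is hypothetical.

```powershell
# Added example: report whether access to T2EMBED.DLL is denied on this host.
# Assumption: the workaround is a Deny ACE for Everyone (S-1-1-0) on the file;
# the article does not give the exact commands used to apply it.

function Test-T2EmbedDenied {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # DLL not present at this location (e.g. no SysWOW64 on 32-bit Windows).
        return New-Object psobject -Property @{
            Path = $Path; Present = $false; Denied = $false; DeniedRights = $null
        }
    }

    $acl = Get-Acl -LiteralPath $Path
    # Translate ACE identities to SIDs so the check works on localized builds,
    # where "Everyone" has a different display name.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = $acl.GetAccessRules($true, $true, $sidType)

    $readExec = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq 'S-1-1-0' -and
        # The entry only blocks loading if it covers read/execute rights.
        (([int]$_.FileSystemRights) -band ([int]$readExec)) -ne 0
    })

    New-Object psobject -Property @{
        Path         = $Path
        Present      = $true
        Denied       = ($deny.Count -gt 0)
        DeniedRights = ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
    }
}

# Check both the native and the 32-bit-on-64-bit copies of the library.
# Run from a 64-bit PowerShell session so System32 is not redirected.
$targets = @(
    (Join-Path $env:windir 'System32\t2embed.dll'),
    (Join-Path $env:windir 'SysWOW64\t2embed.dll')
)

$targets | ForEach-Object { Test-T2EmbedDenied -Path $_ } |
    Format-Table Path, Present, Denied, DeniedRights -AutoSize
```

A row with `Present` true and `Denied` false marks a copy of the library that applications can still load.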
- To read the Microsoft Security Bulletin Advance Notification for November 2011, click here
- To download the emergency patch released by Microsoft, click here