Microsoft issued an advisory for a critical flaw in Windows which is exploited by the Duqu trojan.
The vulnerability lies in Windows' TrueType font-parsing engine and affects all versions of Windows from XP to Windows 7. Attackers exploiting the flaw can gain complete control over Windows systems.
"We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware," said Microsoft.
The Duqu malware has been described as a Stuxnet-like trojan, originally uncovered by Hungarian security researchers CrySyS. The trojan embeds in Microsoft Word documents and exploits the previously unknown kernel vulnerability which we now know is based in the TrueType engine.
Symantec documented Duqu and provided a diagram which shows the sophisticated manner in which Duqu gains access to a PC system from an infected Word document. Symantec went on to notify Microsoft and work with an ISP in Belgium that hosted one of the command and control servers for Duqu.
Microsoft released an interim 'Fix It' but indicated that the firm will not roll out a patch before the next Patch Tuesday update.
Advertisement
Related Stories
- The Pope loves Microsoft. Fact. May 25th 2012 at 4:13PM
- Daily deals websites get the Apprentice treatment May 23rd 2012 at 9:58PM
- Google Chrome takes most popular browser crown from IE May 22nd 2012 at 1:33PM
- Have your say: Does your business listen to complaints on Twitter? May 21st 2012 at 10:56AM
- Google introduces Knowledge Graph for more intelligent search May 17th 2012 at 10:55AM
- Twitter reaches 10-million user milestone in the UK May 16th 2012 at 2:33PM
- Windows 8 RT draws antitrust attention May 14th 2012 at 10:59PM
- Windows 8 Pro upgrade may cost $14.99 May 14th 2012 at 10:46PM
- Microsoft to charge for Windows 8 upgrades? May 13th 2012 at 11:01PM
- Mozilla, Google blast Windows RT browser restrictions May 11th 2012 at 3:47AM
