Symantec documents sophisticated Duqu trojan that utilised previously unknown TrueType vulnerability

Microsoft issues fix for critical Windows flaw

Microsoft issued an advisory for a critical flaw in Windows which is exploited by the Duqu trojan.

The vulnerability lies in Windows’ TrueType font-parsing engine and affects all versions of Windows from XP to Windows 7. Attackers exploiting the flaw can gain complete control over Windows systems.

"We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware," said Microsoft.

The Duqu malware has been described as a Stuxnet-like trojan, originally uncovered by Hungarian security researchers CrySyS. The trojan is embedded in Microsoft Word documents and exploits the previously unknown kernel vulnerability, which we now know lies in the TrueType engine.

Symantec documented Duqu and provided a diagram which shows the sophisticated manner in which Duqu gains access to a PC system from an infected Word document. Symantec went on to notify Microsoft and work with an ISP in Belgium that hosted one of the command and control servers for Duqu.

Microsoft released an interim 'Fix It' but indicated that the firm will not roll out a patch before the next Patch Tuesday update.
