updated 05:15 pm EDT, Tue November 1, 2011
Microsoft confirms Duqu exploit in Word files
Microsoft on Tuesday confirmed that a Windows kernel vulnerability does indeed exist in Duqu malware and is working to patch it. The zero-day kernel exploit could allow hackers to remotely execute code in an infected system, CrySys and Symantec found. Duqu can be installed by modified Word documents and can potentially slip by.
Once opened, the malicious code is executed and installs the main Duqu program. The hackers can then spread Duqu to other computers on the network. Most security programs can detect and block Duqu, although Symantec revealed at least six unnamed organizations in several countries have already received the malware.
A full security bulletin from Microsoft that addresses the issue is expected to come very soon, although it's unclear how soon a patch will follow. [via WinRumors]