updated 04:45 pm EDT, Fri November 4, 2011
Exploit could wreck files or alter permissions
Microsoft has confirmed a vulnerability in the Windows kernel that was being used in the Duqu exploit. If used, an attacker could install apps, change data, or create new accounts with full user rights. Microsoft is working on a full fix, and in the meantime, is offering a workaround for download (free, Fix it tool).
The threat takes advantage of a vulnerability in Microsoft Windows' Win32k TrueType font parsing engine, and lets a hacker run arbitrary code in kernel mode, the deepest level of access.
The workaround does have possible negative side effects. It could prevent apps that rely on embedded True Type fonts, such as Office documents, browsers and document viewers, from rendering text properly.
Although the threat is real, and there have been instances of computers being exploited, Microsoft said there was "low customer impact at this time." The malware is usually spread through e-mail attachments, but cannot be exploited automatically through the e-mail itself. For an attack to be successful, a user has to open an infected attachment.
Microsoft has not said when a full fix would be available. It could come as soon as next Tuesday with its regular update schedule. It could wait until next month, or it could make it available sooner through a special update. The Windows developer often puts out updates if it believes there's a major threat from a zero-day exploit. [via Sophos]