Exploit could wreck files or alter permissions
Microsoft has confirmed a vulnerability in the Windows kernel that was being used in the Duqu exploit. If used, an attacker could install apps, change data, or create new accounts with full user rights. Microsoft is working on a full fix, and in the meantime, is offering a workaround for download (free, Fix it tool).
Microsoft confirms Duqu exploit in Word files
Microsoft on Tuesday confirmed that a Windows kernel vulnerability does indeed exist in Duqu malware and is working to patch it. The zero-day kernel exploit could allow hackers to remotely execute code in an infected system, CrySys and Symantec found. Duqu can be installed by modified Word documents and can potentially slip by.