http://www.networkworld.com/news/2011/110311-microsoft-duqu-252736.html

By Julie Bort
Network World
November 03, 2011

The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet" - but researchers don't expect Microsoft to include a patch for it in next week's Patch Tuesday. Instead, a manual fix could be out as soon as this week.

"While many dispute the threat imposed by this bug, no one disputes the risk of the Day Zero Vulnerability in Microsoft software that it takes advantage of. The vulnerability is exploited through a malicious Word document - when the user opens the document, a Zero Day Kernel Vulnerability is taken advantage of to execute malicious code. Microsoft did not issue a patch this cycle but an advisory will likely be released today or tomorrow with a link to a 'Fix It' hot fix. This means that user intervention will be required, as a hot fix cannot be pushed out to the entire network," says Paul Henry, security and forensic analyst for patch vendor Lumension.

Duqu is worrisome because it installs a keystroke logger and then can replicate itself, even across secure networks, using the passwords obtained. It communicates with other servers across the Internet, giving hackers access. The malware will remove itself after 30 days.

The Microsoft Security team has been mostly mum on Duqu, with the exception of acknowledging the threat in a tweet Tuesday that simply said, "We are working to address a vulnerability believed to be connected to the Duqu malware."

[...]

Received on Thu Nov 03 2011 - 23:43:58 PDT