Microsoft issues short-term fix against Duqu's zero-day kernel attack
- By 1105 Media Staff
- Nov 07, 2011
Microsoft has released a temporary fix for the Duqu malware that prevents it from enterijng a system via the Windows kernel. The workaround is documented in the company's Security Advisory 2639658.
Although Microsoft has yet to release a proper patch for this issue, it has outlined that users can deny the malware access to the t2embed.dll library file by deploying the workaround. According to Microsoft, this temporary measure should stop an attacker from remotely accessing a computer through a recently discovered zero-day Windows kernel exploit.
Microsoft has packaged the workaround in a one-click fix that will automatically update the Windows kernel with a few lines of code to stop unauthorized access.
Finally, the advisory stated that Microsoft has released relevant information about the vulnerability to various security software firms.
"To further protect customers, we provided our partners in the Microsoft Active Protections Program (MAPP) detailed information on how to build detection for their security products," wrote Jerry Bryant, group manager for Microsoft's Trustworthy Computing Group, in a blog post. "This means that within hours, anti-malware firms will roll out new signatures that detect and block attempts to exploit this vulnerability. Therefore we encourage customers to ensure their antivirus software is up-to-date."
Microsoft acknowledged the zero-day issue on Tuesday, but Bryant said that a permanent fix will not be available in time for this week's Patch Tuesday. Left unaddressed, the flaw could lead to unauthorized remote access to a system.
"The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft explained.