New zero-day Windows kernel vulnerability associated with Duqu Trojan

Status
Not open for further replies.
I

illumination

Thread author
Another component of the Duqu malware was acquired by CrySyS and shared with security researchers. This newest component exploits a zero-day vulnerability in the Microsoft Windows kernel...
Read More
 
imsoadude

imsoadude

Level 3
Verified
Feb 21, 2011
838
Not good for Microsoft, i wonder if they are going to release some kind of security fix for this.
 
AyeAyeCaptain

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Microsoft will fix this as soon as possible, as far as I'm aware they've not left anything that has been exposed/ found out in the open long enough (unless someone can link me to the source of such thing). It really is a never ending battle when it comes to this kind of thing it's like Star Wars with the battle of Jedi VS Sith. :p
 
Hungry Man

Hungry Man

New Member
Jul 21, 2011
669
Yes it is a never ending battle. I won't be surprised when this gets patched and a new Duqu comes out with a new vuln.
 
moonshine

moonshine

Level 7
Verified
Apr 19, 2011
1,264
The Never Ending Battle of Vulnerabilities vs. Security Updates. I love it! :p
 
bogdan

bogdan

Level 1
Jan 7, 2011
1,362
There is a Microsoft Security Advisory describing the vulnerability used by DUQU (LINK) and a Fix, in the form of a Fix-It button (LINK). When you run the Enable fix it solution, the workaround denies the system access to the T2embed.dll. One thing to consider is that other malware authors might try to use this vulnerability in the near future hoping that Windows users failed to apply the fix.
 
I

illumination

Thread author
bogdan said:
There is a Microsoft Security Advisory describing the vulnerability used by DUQU (LINK) and a Fix, in the form of a Fix-It button (LINK). When you run the Enable fix it solution, the workaround denies the system access to the T2embed.dll. One thing to consider is that other malware authors might try to use this vulnerability in the near future hoping that Windows users failed to apply the fix.
Click to expand...

Thank you for posting this Bogdan! I had just read about the fix earlier, and was going to post it in here, but you were already on it! :D The last sentence in your post, is very accurate, and very well advised!
 
moonshine

moonshine

Level 7
Verified
Apr 19, 2011
1,264
I'm just hoping that Microsoft will release a security update for this vulnerability this month. I'd rather use Windows Update than run Fix-It.
 
Status
Not open for further replies.

Similar threads

Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Security News Windows driver zero-day exploited by Lazarus hackers to install rootkit (patched August 2024)
Replies
0
Views
1,580
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News New Windows Themes zero-day gets free, unofficial patches
Replies
0
Views
799
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
New Update Google fixed two actively exploited Android zero-day flaws as part of its November security updates
Replies
0
Views
123
Android & WearOS
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top