No Patch for Critical Duqu 0-Day Vulnerability in Windows Next Week

[jamescv7]

Microsoft plans to release four security bulletins next week as a part of its monthly patch cycle, but an update designed to fix the critical zero-day vulnerability exploited by the Duqu malware won’t be among them.

Jerry Bryant, group manager, Response Communications Trustworthy Computing Group, confirmed this detail officially, while stressing that the software giant is indeed hard at work on a patch.

Bryant notes that the level of risk to which customers running Windows are exposed because of the Duqu malware attacks is low.

“Our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release,” Bryant said.

For the time being, attackers are spreading Duqu through social engineering tactics designed to convince unsuspecting users to open malformed Word documents served as email attachments.

Read More

 

[WinAndLinuxTutorials]

I think we have to punch Bill Gates so he will cry and release the fix

 

[McLovin]

Maybe not punch him, but we might have to write him a very juicy email to release it.

 

[Deleted member 178]

he dont want release a fix because he created the evil (Count) Duqu you must relies on the Jedis

 

[WinAndLinuxTutorials]

Or let's get a program that controls him and we will use that program to make him release the fix

 

[moonshine]

That's just disappointing. Although I have expected from the start that this is gonna happen sooner.

 

[Ink]

1. Don't open unknown email attachments.
2. Your AV should detect it. (?)

 

[moonshine]

Thumbs up to that Earth.

 

[Hungry Man]

Patches are nice but not a big deal. We live in a world where we can't rely on them nor should we try.

 

[moonshine]

Patches usually comes in too late enough that most users are already compromised.

 

[jamescv7]

Well since there is no patch for next week, then they must take precautionary measures and likely said by Earth that's exactly needed.

 

[WinAndLinuxTutorials]

Patches usually comes in too late enough that most users are already compromised.

I 100% agree with you.

 

[PenTester]

Duqu is spotted as "Stars" spyware that attacked Iran's Nuclear programs in april 2011. Kaspersky updated software that will detect Duqu Trojan.

Malware Report

 

[Deleted member 178]

i thought it was stuxnet, btw they are almost same.

 

[PenTester]

Crysys Lab developed Duqu detection tool.

Download it from here:
http://www.crysys.hu/duqudetector-files/files/duqudetector-v1_01.zip

Manual:
http://www.crysys.hu/duqudetector-files/files/manual-v1_01.txt

 

[moonshine]

Might take a look at this, Thanks PenTester.