Microsoft has shipped an advisory to formally confirm the zero-day vulnerability used in the Duqu malware attack and is offering a temporary “fix-it” workaround to help Windows users block future attacks.
The vulnerability affects the Win32k TrueType font parsing engine and allows hackers to run arbitrary code in kernel mode, Microsoft said in its
security advisory.
The company also confirmed
my earlier report that this vulnerability will NOT be patched as part of this month’s Patch Tuesday bulletins.
The advisory includes a pre-patch workaround that can be applied to any Windows system.
To make it easy for customers to install, Microsoft released a fix-it that will allow one-click installation of the workaround and an easy way for enterprises to deploy. The one-click workaround can be found
at the bottom of this KB article.
Microsoft explained that the Duqu malware exploit targets a problem in one of the T2EMBED.DLL, which called by the TrueType font parsing engine in certain circumstances. The workaround effectively denies access to T2EMBED.DLL, causing the exploit to fail.