Microsoft have released a security advisory against ¬a vulnerability that was discovered last week which deployed the Duqu malware through an infected Word document.
The infected Word document was discovered by security researchers in Hungary who were able to show that a zero-day exploit was used to install the software with elevated user privileges. Since the discovery, Microsoft have confirmed that the bug affects the Win32k TrueType font parser, which is present on every version of Windows since Windows XP Service Pack 3. It had previously been thought the issue did not affect Windows 7 systems, but both standard Windows 7 and Service Pack 1 installations are vulnerable, along with all variants except Server Core installations of Windows Server 2008 R2, according to Microsoft’s security bulletin.
Windows users and deployment managers concerned about the vulnerability can deploy a one-click fix it file which patches the vulnerability until a security update release is made, which will likely be the cycle after next according to Microsoft’s Security Response Center.
“Our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it” wrote Jerry Bryant, the Center’s Group Manager. “At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release.”
“We are able to closely monitor the threat landscape and will notify customers if we see any indication of increased risk”