Microsoft fends off Duqu worm with temporary fix
SUBNET Solutions Inc | Tuesday, November 08, 2011
In an effort to protect against the Duqu worm, recently discovered malware with properties resembling those of the extremely harmful Stuxnet worm, Microsoft has successfully issued a temporary fix that is holding strong, Tech News World reports.
According to the news source, the fix was issued on Friday, November 4, and decreases the vulnerability of Microsoft Word to the virus. The flaw was discovered in TrueType font parsing, and allowed a hacker to run arbitrary code in kernel mode, enabling them to install programs, change or delete data, or create new accounts.
Microsoft stated that it has identified the attacks that have attempted to take advantage of the vulnerability, but there has not been a significant impact on Microsoft users.
"It's important to note that the associated risk is minimal for the public," Jerry Bryant, group manager of response communications at Microsoft Trustworthy Computing, told the media outlet.
The distributed patch effectively controls the vulnerability found in Microsoft Word, but the Duqu worm can still attack a user's system until their security software has been updated.
"The zero-day vulnerability being discussed in connection to Duqu is not actually in the Duqu malware; it's part of an installer application that was used to install the malware in at least one instance that Symantec is aware of," Kevin Haley, director of Symantec Security Response, told Tech News World.
According to Daily Tech, the malware rides in ostensibly real Microsoft Word documents, infecting a user's address book and sending infected documents to all contacts. The threat has been listed as "severe" by Microsoft.
The company's QuickFix tool has allowed users to stave off Word-driven infections, and can be downloaded easily from the Microsoft website. Working closely with Symantec, the largest security firm in the world, the company has identified the threat's variants and has published a report on the Stuxnet-like virus.
Stuxnet is regarded as the first and only cybersuperweapon ever used, and demonstrated the absolute necessity for cybersecurity. According to National Public Radio, the worm was secretly launched in 2009, in the hope of damaging centrifuges in an Iranian uranium enrichment plant. The weapon was capable of rendering such a facility as ineffective as a physical bomb would.
The danger of malware highlights the importance of cybersecurity in America's critical infrastructure, including the electric grid, and has given rise to a number of new regulations and standards to ensure a safe cyber network.