November 03, 2011, 4:31 PM — The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet" - but researchers don't expect Microsoft to include a patch for it in next week's Patch Tuesday. Instead, a manual fix could be out as soon as this week.
CHART: Duqu Malware Exploits Windows Zero-Day Kernel Bug, Attacks Via Word Document
"While many dispute the threat imposed by this bug, no one disputes the risk of the Day Zero Vulnerability in Microsoft software that it takes advantage of. The vulnerability is exploited through a malicious Word document - when the user opens the document, a Zero Day Kernel Vulnerability is taken advantage of to execute malicious code. Microsoft did not issue a patch this cycle but an advisory will likely be released today or tomorrow with a link to a 'Fix It' hot fix. This means that user intervention will be required, as a hot fix cannot be pushed out to the entire network," says Paul Henry, security and forensic analyst for patch vendor Lumension.
Duqu is worrisome because it installs a keystroke logger and then can replicate itself, even across secure networks, using the passwords obtained. It communicates with other servers across the Internet, giving hackers access. The malware will remove itself after 30 days.
The Microsoft Security team has been mostly mum on Duqu, with the exception of acknowledging the threat in a tweet Tuesday that simply said, "We are working to address a vulnerability believed to be connected to the Duqu malware."
So far it has issued no advisory. At least some of the security team have been aware of the threat for a while. On Oct. 18, Terry Zink, a program manager for Microsoft Forefront Online Security, blogged about Duqu and its possible relationship to Stuxnet.
If not Duqu, Microsoft will be fixing other issues with Windows in Tuesday's crop of fixes, with four patches total, one critical, two important and one moderate. The critical patch affects all versions of Windows, client and server, including Windows Server (even Server Core).
Read more about wide area network in Network World's Wide Area Network section.
