Duqu Installer Contained Microsoft Word Zero-Day Exploit

Thursday, November 03, 2011


Earlier this week, Symantec released an update on Duqu. Apparently an installer for Duqu (dubbed Stuxnet II) was found that used a Microsoft zero-day:

“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. We contacted Microsoft regarding the vulnerability and they’re working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries.”


So far Duqu infections have been confirmed in six organizations in eight countries. The locations include France, India, Iran and Sudan.

In a short release on Tuesday, Microsoft stated that they know of the threat and are working on getting it patched: “We are working diligently to address this issue and will release a security update for customers.”

Source: http://cyberarms.wordpress.com/2011/11/03/duqu-installer-contained-microsoft-word-zero-day-exploit/

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.