Nov 15, 2011

Revenge of the Stuxnet: Microsoft isn’t ready to face off with Duqu

Yes folks, this time last week it was Microsoft’s Patch Tuesday, but unfortunately this new patch won’t fully solve the latest of troublesome trojans, Duqu (not to be confused with an evil Jedi master).

Duqu is a recent meddling malware that many suspect was created by the same person, or persons, who created Stuxnet, arguably the most important malware in history. However, where Stuxnet primarily targeted automation and PLC gear, Duqu acts as a recon drone for future attacks, collecting various information from infected systems. I dare say that I am not alone in assuming that a bigger threat might be out there, lying dormant, awaiting this information only to wreak havoc on PCs worldwide.

In effect, Duqu exploits a vulnerability in the Windows kernel, allowing attackers to view, change, install or delete data, and even create new accounts with full privileges. Security experts were hoping that this latest patch would resolve this vulnerability. Instead, Microsoft issued a “workaround”, a form of “first aid” that enables the patient to return to their day-to-day activities until a proper cure can be discovered and administered. The workaround shuts off access to the DLL file that allows applications to display embedded TrueType fonts. In the meantime, Microsoft is busy working on a permanent means of dealing with Duqu, but so far there is no news on when or how we will receive this fix.
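The workaround described above, written up here as an added example that is not from the original post or from Microsoft: a PowerShell script that audits whether the deny-Everyone access rule is present on the TrueType embedding library, and can apply or remove it. It assumes that the DLL in question is t2embed.dll in System32 (the file Microsoft's advisory workaround restricts; the post does not name it), and that the script is run from an elevated prompt on Vista SP2 or Windows 7, where the file is owned by TrustedInstaller and ownership must be taken before the ACL can be changed.

```powershell
# Added example (not from the post): audit, apply or revert the interim workaround
# for the TrueType font-parsing vulnerability used by Duqu.
# Assumption: the DLL the post refers to is t2embed.dll in System32.
# Run from an elevated PowerShell prompt.

$Dll = Join-Path $env:windir 'System32\t2embed.dll'

# SID of the well-known "Everyone" group; comparing SIDs keeps the check
# locale-independent (the display name is translated on non-English Windows).
$EveryoneSid = 'S-1-1-0'

function Test-T2EmbedWorkaround {
    # Returns $true when an explicit Deny ACE for Everyone exists on the DLL,
    # i.e. the workaround is in place.
    if (-not (Test-Path -Path $Dll)) { return $false }
    $acl = Get-Acl -Path $Dll
    foreach ($ace in $acl.Access) {
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($ace.AccessControlType -eq 'Deny' -and $sid -eq $EveryoneSid) {
            return $true
        }
    }
    return $false
}

function Enable-T2EmbedWorkaround {
    # Take ownership (TrustedInstaller owns the file by default), then deny
    # Everyone full access so no application can load the font-embedding code.
    takeown.exe /f $Dll | Out-Null
    icacls.exe $Dll /deny "*${EveryoneSid}:(F)" | Out-Null
}

function Disable-T2EmbedWorkaround {
    # Remove the Deny ACE again once the real security update is installed,
    # so embedded fonts display normally.
    icacls.exe $Dll /remove:d "*${EveryoneSid}" | Out-Null
}

# Default action: report the current state without changing anything.
if (Test-T2EmbedWorkaround) {
    Write-Output "Workaround is in place: Everyone is denied access to $Dll"
} else {
    Write-Output "Workaround is NOT in place: $Dll is still accessible"
}
```

The script only reports by default; call Enable-T2EmbedWorkaround to apply the restriction and Disable-T2EmbedWorkaround to undo it. While the deny rule is present, applications that rely on embedded fonts will render them incorrectly, which is the trade-off the post's “first aid” comparison alludes to.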

On the brighter side, the patch did include four security updates. One of which is only relevant to the more recent versions of Windows (Vista SP2, Win 7) and resolves a vulnerability that, according to Microsoft, “could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system”.

The other updates are rated ‘important’ (as opposed to ‘critical’), of which one does deserve a mention, as it patches a vulnerability in Active Directory. This is relevant to almost everyone as it applies to Windows XP SP3 and up. Microsoft explains that the problem in Active Directory can potentially grant parasites elevated privileges if “an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked (Active Directory domain) certificate to authenticate to the Active Directory domain.”

Needless to say, all and any Microsoft security updates and patches are instantly implemented in Reimage’s repository and software.

Be aware that this update will require a reboot, and if you’re still working with XP you could do with a cup of coffee while you wait.

Read more about the latest Microsoft security patch.
