But an availability deadline for the patch has yet to be provided

Nov 2, 2011 10:30 GMT  ·  By

Microsoft is hard at work to patch a zero-day security vulnerability that was confirmed to play a key role in recent attacks involving the Duqu malicious code.

Believed to be related to Stuxnet, Duqu infects machines by exploiting a previously unknown vulnerability in the Windows kernel.

The new piece of malware was initially discovered by security researchers with the Laboratory of Cryptography and System Security (CrySyS) at the Budapest University of Technology and Economics.

CrySyS’ analysis of Duqu also revealed that the malicious code was exploiting a Windows kernel 0-day to compromise machines, although attackers use a combination of techniques, including social engineering, to spread their malware.

A typical attack involves users receiving a malformed Microsoft Office Word document which, when opened, exploits the 0-day Windows kernel hole and infects the PC.

The Redmond company has already been informed of the new 0-day threat affecting Windows users.

In fact, the software giant already confirmed that a patch is in the works. “We are working to address a vulnerability believed to be connected to the Duqu malware,” Microsoft revealed.

No additional details were offered, at least not for the time being. Most importantly, Microsoft has yet to reveal when it plans to ship a security update to patch the new Windows kernel 0-day.

This could be as soon as the next Patch Tuesday, which is scheduled for November 8, 2011, but of course it all depends on whether the patch reaches a level of quality that warrants release.

When it comes to 0-day vulnerabilities exploited in attacks in the wild, Microsoft is known to react quickly in order to provide an update to users.

It’s not uncommon for the Redmond company to release out-of-band patches when its security researchers conclude that resolving a security issue is urgent, which is generally the case for attacks leveraging 0-day vulnerabilities.