Duqu Mitigation

Published: 2011-11-04
Last Updated: 2011-11-04 09:48:14 UTC
by Guy Bruneau (Version: 1)
9 comment(s)

A lot of information has been published on Duqu over the past few days, and it is likely exploiting a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. Until a patch has been released to fix this vulnerability, it cannot be exploited automatically via email unless the user opens an attachment sent in an email message. The Microsoft advisory is posted here [1]. US-CERT also posted a critical alert here [2], and Symantec a whitepaper on the subject here [3].

[1] http://technet.microsoft.com/en-us/security/advisory/2639658
[2] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
[3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Duqu Malware TrueType