Microsoft said that it’s looking into a reported zero-day vulnerability in Windows that was used by the Duqu malware to spread, but isn’t committing to a patch for the problem in time for this month’s scheduled update.
“Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware,” the company said in a statement attributed to Jerry Bryant of the company’s Trustworthy Computing effort. “We are working diligently to address this issue and will release a security update for customers through our security bulletin process.”
Anti-malware firms have been tracking Duqu – an apparent variant of the Stuxnet worm – since mid-October, after it was discovered by the CrySyS Lab at the Budapest University of Technology and Economics. However, it wasn’t until last week that researchers analyzing the malware discovered that an installer program for the Trojan horse malware includes an exploit for a previously unknown vulnerability in the Windows kernel. The vulnerability allows remote code execution on vulnerable systems.
Symantec researchers found that the installer uses the zero-day to gain a foothold in an organization. The attackers then command it to spread to other computers on the infected network.
Analysis by Kaspersky Lab researchers has found that the malware has shown up on servers in Iran and Sudan, as well as India, where authorities confiscated Duqu-infected systems last week.