Microsoft plans to release four security bulletins next week as a part of its monthly patch cycle, but an update designed to fix the critical zero-day vulnerability exploited by the Duqu malware won’t be among them.
Jerry Bryant, group manager, Response Communications Trustworthy Computing Group, confirmed this detail officially, while stressing that the software giant is indeed hard at work on a patch.
Bryant notes that the level of risk to which customers running Windows are exposed because of the Duqu malware attacks is low.
“Our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release,” Bryant said.
For the time being, attackers are spreading Duqu through social engineering tactics designed to convince unsuspecting users to open malformed Word documents served as email attachments.
As a precaution, customers should never launch attachments in messages from sources they don’t trust.
Once the Word document is opened, Duqu exploits the unpatched vulnerability in the Win32k TrueType font parsing engine, which allows an attacker to remotely execute code in kernel mode.
Since the patch for the Duqu-related 0-day Windows kernel flaw won’t be included in the security bulletins that Microsoft plans to ship on November 8, 2011, the company will most likely issue an out-of-band update later this month.
“As we do each month, we're providing advance notification on the release of four security bulletins, one Critical, two Important, and one Moderate, to address four CVEs in Windows. As usual, the bulletin release is scheduled for the second Tuesday of the month, Nov. 8, at approximately 10 a.m. PT,” said Pete Voss, Sr. Response Communications Manager, Microsoft Trustworthy Computing.
Customers running Windows 7 SP1 will need to deploy all four security updates, including a Critical patch.