Microsoft released a workaround to block a Windows kernel vulnerability recently found to be exploited by the installer for the Duqu virus, a Stuxnet-like worm discovered in October. The attack,discovered by Hungarian researchers, exploits a vulnerability in Windows’ TrueType font engine. A full fix for the problem is still pending, and will not be part of Microsoft’s “Patch Tuesday” fixes for November.
In the company’s security advisory Microsoft said that attackers exploiting the TrueType vulnerability—which Duqu exploited through a Microsoft Word document—could gain access to the Windows kernel and run shell code. “The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft’s statement said.
As a temporary workaround, Microsoft recommends shutting off access to T2EMBED.DLL, the dynamic link library that allows applications to display TrueType fonts. While the fix will prevent attacks, it also means that fonts won’t display properly in applications. But Microsoft’s security team sees the threat from Duqu as limited, stating that “overall, we see low customer impact at this time.” Microsoft Support has posted a “quick fix” app here.
The fix comes ahead of next week’s Patch Tuesday security fixes, for which Microsoft announced some of the details yesterday. Microsoft will ship four security fixes, only one of which is rated as “critical.” While Microsoft’s security team did not give details on the vulnerabilities addressed, the critical fix applies only the company’s more recent operating systems—Windows Vista, Windows 7, and Windows Server 2008.