Sunday, November 6, 2011

Microsoft Releases Windows Update To Fix Duqu Critical Security Hole



You probably remember the Stuxnet worm, which infected tens of thousands of IP addresses in Iran last year. It also infected other countries such as Pakistan, India and Indonesia, but Iran suffered the most because the country's nuclear capabilities were damaged.
Several weeks ago, the multi-vector network attack called Duqu drew attention because it was very similar to the Stuxnet worm. Because Duqu's code so closely resembled Stuxnet's, a lot of security software classified it as Stuxnet. Stuxnet used four zero-day exploits, which made it very powerful at that time, though they are now old and harmless. The problem was that Duqu had its own zero-day exploit. Duqu can be very dangerous to Windows-based systems because, even though Windows has progressed a lot in the past few years, it still has its flaws.
Fortunately, Microsoft announced a temporary fix for all versions of Windows to keep Duqu from infecting computers the way Stuxnet did. Microsoft officials stated that this fix is very important and needed to be done in time because, if the problem goes unfixed, the affected computers will be attacked. In other words, those who are using Duqu could get inside and take control of any unprotected computer that runs Windows.
Researchers from CrySyS identified an installer of the computer worm and were surprised to find that it exploited a Windows vulnerability that was unknown to them until now. The problem was found in the Win32k TrueType font parsing engine, which is a component of all Windows versions, including Windows 7 and Windows Server 2008. The researchers discovered that the exploit can be distributed in a malicious MS Word document. The attacker chooses a target and sends the document by email; when the recipient opens the document, the attack is launched.
Microsoft has found a quick fix, which is available for download and can be applied. But this is just a temporary solution, as a permanent one will come in the patches that the software giant releases on a regular basis. Duqu is a critical Windows flaw that appeared for the first time at the beginning of September. Symantec, one of the most important computer security developers, explained that even though Duqu is meant for a distinct purpose, it is very similar to Stuxnet.
While Stuxnet was meant for narrower targets, like systems designed to manage critical infrastructure in establishments such as the nuclear reactor in Iran, it seems that Duqu has been created to attack the whole population of Internet-connected computers that run Windows as their operating system.
Microsoft's workarounds consist of several lines of code that can be run at an administrative command prompt. Microsoft stated that users who install the workarounds might have problems with some programs that rely on embedded font technology. The workarounds can be applied to Windows XP, Windows Vista and Windows 7, as well as to Windows Server products.
The Microsoft advisory warned owners of Windows-based computers that an attacker who exploits this vulnerability can run arbitrary code in kernel mode. The same attacker could also install various programs, view and delete files, or create brand new accounts with full user rights.
Even though Microsoft promises to fix the problem related to the Duqu multi-vector network attack, it seems that they can't do it in time. Some say that it could take weeks. Costin Raiu, a director at Kaspersky Lab, said that in order to fix the problem Microsoft has to modify the kernel code, which is not easy. Testing the patches after the code has been modified could also take a while.
