Duqu Installer Contained Microsoft Word Zero-Day Exploit

Thursday, November 03, 2011




Earlier this week Symantec released an update on Duqu. Apparently an installer was found for Duqu (dubbed Stuxnet II) that used a Microsoft Zero-day:

“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. We contacted Microsoft regarding the vulnerability and they’re working diligently towards issuing a patch and advisory. When the file is opened, malicious code executes and installs the main Duqu binaries.”


So far Duqu infections have been confirmed in six organizations in eight countries. The locations include France, India, Iran and Sudan.

In a short release on Tuesday, Microsoft stated that they know of the threat and are working on getting it patched, “We are working diligently to address this issue and will release a security update for customers.”

Source:  http://cyberarms.wordpress.com/2011/11/03/duqu-installer-contained-microsoft-word-zero-day-exploit/

Possibly Related Articles:
Viruses & Malware
Microsoft Zero Day malware Windows Stuxnet Exploits Headlines DUQU
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.