Microsoft Leaves Duqu Worm Exploit Unpatched

The main concern is that the zero day flaw exploited by the Duqu worm is not addressed by any of this month's security bulletins.

Today is Microsoft’s Patch Tuesday for the month of November--the eleventh Patch Tuesday of 2011. It is a light month from Microsoft, with only four security bulletins. The big news, though, is that a zero day flaw being exploited by the Duqu worm is not among the vulnerabilities fixed by Microsoft today.

The addition of four security bulletins this month brings the total for the year so far to 86. Of the four security bulletins, one is rated as Critical, two are Important, and one is ranked as a Moderate threat.

The biggest concern this month--aside from the unpatched Duqu zero day--is MS11-083. It is rated as Critical because a successful exploit could allow an attacker to assume complete control of the vulnerable system. The immediate threat, though, is reduced by the level of technical difficulty in successfully exploiting the flaw.

Joshua Talbot, Security Intelligence Manager for Symantec Security Response, explains, "We estimate an attack attempting to leverage it would take a considerable amount of time; perhaps 4 to 5 hours to complete a single attack. However, if an attacker can pull it off the result would be a complete system crash or compromise if the attacker develops a reliable means of exploitation."

Andrew Storms, Director of Security Operations for nCircle, has a slightly different take on Microsoft's Patch Tuesday. Storms feels that the most interesting of the security bulletins is MS11-084--the one rated merely Moderate.

Storms says, "The interesting thing about this bulletin is that it appears to have a lot in common with the Duqu advisory Microsoft released last week. I wonder if we are seeing the beginning of a new malware trend focused on kernel and font parsing bugs."

Then, there's the Duqu worm itself. Microsoft's most recent Security Intelligence Report illustrates that zero day flaws are more hype than threat in the real world. But, when a zero day flaw is exploited by malware there is obviously cause for concern.

Symantec's Talbot stresses that the Duqu zero day is still a concern. "Microsoft recently published a security advisory as well as a temporary fix and is currently investigating the vulnerability."

Most antimalware products are capable of detecting and blocking Duqu at this point, so keeping your security software updated should suffice. Security experts reiterate, however, that users should always exercise caution when opening any email file attachments or clicking on any unknown URLs in emails.

Microsoft is working diligently to resolve the issue. Expect an out-of-band patch in the next couple of weeks to address the zero day flaw targeted by the Duqu worm.
