Duqu exploited at least one zero-day vulnerability: Researchers

02 Nov 2011

1

According to security researchers the Duqu Trojan, discovered two weeks ago, exploited at least one zero-day vulnerability in Microsoft Windows.

A booby-trapped word document triggered the vulnerability, a post by researchers from Hungary's Laboratory of Cryptography and System Security said on 1 November.

Microsoft Trustworthy Computing group's Jerry Bryant said in a statement that Microsoft was working to address the issue and would release a security update. However, no timeline had been suggested for the fix.

"As a result of our investigation, we identified a dropper file with an MS 0-day kernel exploit inside," the CrySyS researchers wrote.

Besides remaining vigilant and not lowering guard, there were no workarounds at present that users could follow to prevent a Duqu attack which included not opening suspicious files attached to emails.

The possibility of Duqu having exploited other vulnerabilities or used other attack vectors to spread is being investigated by researchers.

Business History Videos

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more