Patch for Vulnerability Used by Duqu Delayed

Microsoft released four patches in this month's security bulletins, but none of them fixes the Windows kernel vulnerability (CVE-2011-3402) that is being exploited by Duqu. Instead, Microsoft has recommended security software that can defend against Duqu: 22 vendors in total, Antiy Labs among them. This is the first time Microsoft has recommended security software as protection against a specific piece of malware.

It is reported that Microsoft released a security advisory on CVE-2011-3402 last week and informed its MAPP (Microsoft Active Protections Program) partners so that they could update their security software with protection for the vulnerability. Microsoft also released a temporary "Fix it" workaround. Rather than repairing the flaw, it blocks access to the vulnerable component (the TrueType font parsing engine, t2embed.dll), so applications that rely on embedded fonts may not display correctly while it is applied. Users can download it from Microsoft's official website.
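The manual form of that workaround, as documented in Microsoft's advisory, is to take ownership of t2embed.dll and add a "deny everyone" ACL entry, then remove that entry once the real patch is installed. The script below is an added example for this article, not Microsoft's Fix it package itself; the function names are ours, and it assumes an elevated PowerShell prompt on a Vista/7-era system where takeown.exe and icacls.exe are available.

```powershell
# Added example (not Microsoft's Fix it): apply, verify and undo the
# "deny access to t2embed.dll" workaround from the CVE-2011-3402 advisory.
# Run from an elevated prompt. Function names are our own.

# 32-bit copy only exists on x64 systems, so include it when present.
$targets = @("$env:windir\System32\t2embed.dll")
$wow64   = "$env:windir\SysWOW64\t2embed.dll"
if (Test-Path $wow64) { $targets += $wow64 }

function Apply-T2embedWorkaround {
    foreach ($dll in $targets) {
        if (-not (Test-Path $dll)) { continue }
        # Ownership is needed so Administrators can still read/modify the ACL
        # after "Everyone" is denied everything (owners keep READ_CONTROL/WRITE_DAC).
        takeown.exe /f $dll | Out-Null
        icacls.exe $dll /deny "Everyone:(F)" | Out-Null
    }
}

function Remove-T2embedWorkaround {
    # Undo step: strip the deny ACE once the official update is installed.
    foreach ($dll in $targets) {
        if (Test-Path $dll) { icacls.exe $dll /remove:d Everyone | Out-Null }
    }
}

function Test-T2embedWorkaround {
    # Report whether each copy of the DLL carries a Deny ACE for Everyone.
    foreach ($dll in $targets) {
        $acl    = Get-Acl -Path $dll
        $denied = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.IdentityReference -like '*Everyone'
        }
        [pscustomobject]@{ Path = $dll; Blocked = [bool]$denied }
    }
}

Apply-T2embedWorkaround
Test-T2embedWorkaround   # expect Blocked = True for every listed path
```

The check matters because the deny entry must be present on both copies of the DLL on 64-bit Windows; a 32-bit Office process on x64 loads the SysWOW64 copy, so denying only System32 leaves the Word attack path open. Remember to run Remove-T2embedWorkaround after the permanent kernel update is installed, or embedded fonts will stay broken.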

It is worth noting that Microsoft has launched a "Pilot of the MAPP Initiative", i.e. it now lists recommended security products on its official website. The products fall into two groups, those whose vendors "respond within 48 hours" and those who "respond within 96 hours"; Antiy Labs is in the 48-hour group.

Duqu (also referred to as Stuxnet variant II) uses Office documents such as Word documents as its carrier; the exploit is triggered by a specially crafted TrueType font embedded in the document. When a user opens the document, Duqu exploits the kernel vulnerability and executes with kernel-mode (the highest) privileges. It can then install spyware on the system and steal private data.

The Microsoft security bulletins state that the four patches released this month repair several vulnerabilities in Windows and other Microsoft software; once installed, those vulnerabilities can no longer be exploited. The Microsoft Security Response Center began work on a fix for the Windows kernel vulnerability last week, but no precise release date for the official patch has been given.

Since Office documents are widely used and the Duqu vulnerability has not yet been fully repaired, security experts recommend that users install security software with vulnerability protection to prevent Duqu and other Trojans from spreading via Office documents.

Appendix

The list of security vendors recommended by MS

http://technet.microsoft.com/en-us/security/advisorymapp