Microsoft on Friday released a temporary fix for a Microsoft Word vulnerability that allows the Duqu worm to attack PCs. The flaw, in TrueType font parsing, could let an attacker run arbitrary code in kernel mode, installing programs; view, change or delete data; or create new accounts with full user rights, Microsoft said. The vendor stated that it’s aware of targeted attacks that try to use the vulnerability, but there hasn’t been much impact on Windows users so far. “It’s important to note that the associated risk is minimal for the public,” Microsoft’s Jerry Bryant said.
Microsoft Issues Fix to Keep Duqu at Bay
Posted by: Richard Adhikari November 7, 2011 06:00 AMMicrosoft on Friday released a temporary fix for a Microsoft Word vulnerability that allows the Duqu worm to attack PCs. The flaw, in TrueType font parsing, could let an attacker run arbitrary code in kernel mode, installing programs; view, change or delete data; or create new accounts with full user rights, Microsoft said. The vendor stated that it’s aware of targeted attacks that try to use the vulnerability, but there hasn’t been much impact on Windows users so far. “It’s important to note that the associated risk is minimal for the public,” Microsoft’s Jerry Bryant said.