Microsoft unlikely to patch Duqu kernel bug next week
Expect a security advisory today on Windows zero-day, but no patch Nov. 8, says expert
Computerworld - The odds are that Microsoft won't patch the Windows kernel bug next week that the Duqu remote-access Trojan exploits to plant itself on targeted PCs, a researcher said today.
"Probably not," said Andrew Storms, director of security operations at nCircle Security, when asked what chance he gave Microsoft fixing the flaw Nov. 8, this month's regular Patch Tuesday.
"I think we'll see an advisory today or tomorrow, but patching next week would really be pushing it for Microsoft," said Storms.
He based his assumption on Microsoft's apparently reactive move to news today from Symantec, which said that additional analysis showed the Duqu malware is installed after a Windows kernel bug is exploited.
"If Microsoft had information [about the vulnerability] before this, it would have been faster either patching or with an advisory," said Storms. "They're in reaction mode now, and probably working up an advisory."
Storms took a stab at what the advisory will contain.
"They'll likely recommend filtering Word documents, and using tools to change older documents to the newer file format," said Storms.
According to Symantec, the Duqu samples it's acquired rely on a malformed Word document to launch the kernel exploit.
Duqu, which Symantec first publicized last month, was characterized by the security firm as a possible precursor to the next Stuxnet, the ultra-sophisticated worm that last year was pegged as an attack tool aimed at Iran's nuclear program.
Some analysts, however, have disagreed, and have dismissed the idea that Duqu can be reliably linked to Stuxnet.
Today, Storms said that the hackers' exploit of the Windows kernel vulnerability reinforces the latter view.
"They're using [the kernel bug] to deploy the Trojan," said Storms, pointing to Symantec's explanation and accompanying diagram of Duqu's infection process. "That tells me Duqu may not be a very sophisticated attack."
Leveraging kernel vulnerabilities -- which typically let attacks gain the rights necessary on the targeted PC to install further malware -- is "pretty common," noted Storms.
Microsoft has patched scores of kernel vulnerabilities this year, including a whopping 30 in April 2011 alone.
Today, Microsoft said it's on the case.
"Microsoft is collaborating with our partners to provide protections for a vulnerability used in targeted attempts to infect computers with the Duqu malware," said Jerry Bryant of the Microsoft Trustworthy Computing group, in an email. "We are working diligently to address this issue and will release a security update for customers through our security bulletin process."
A Microsoft spokeswoman later declined to comment on when the company would patch the kernel vulnerability.
Microsoft's next scheduled security updates will be released at approximately 1 p.m. ET, Nov. 8.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts