SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center

Duqu Mitigation

Published: 2011-11-04
Last Updated: 2011-11-04 09:48:14 UTC
by Guy Bruneau (Version: 1)

There has been a lot of information published on Duqu over the past few days, and it is likely exploiting a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. Until a patch has been released to fix this vulnerability, the vulnerability cannot be exploited automatically via email unless the user opens an attachment sent in an email message. The Microsoft advisory is posted here. US-CERT also posted a critical alert here and Symantec a whitepaper on the subject here.



Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Duqu Malware TrueType